From ffdbc91e005c6d25307a9390e7714e6412e53cf5 Mon Sep 17 00:00:00 2001 
From: Arnaud Lheureux Date: Mon, 4 Jan 2021 03:07:08 +0000 Subject: [PATCH 1/6] Initial autodoc --- .pre-commit-config.yaml | 8 +- UPGRADE.md | 2 +- documentation/coding_cec.md | 3 + examples/README.md | 131 +++++++++++++++++- .../100-all-attributes/configuration.tfvars | 6 +- .../configuration.tfvars | 2 +- .../210-vm-bastion-winrm/standalone/main.tf | 3 +- .../virtual_machines.tfvars | 2 +- .../standalone/readme.md | 2 +- .../configuration.tfvars | 37 ++--- .../100-aml/configuration.tfvars | 15 ++ .../101-aml-vnet/configuration.tfvars | 18 ++- .../100-simple-mariadb/configuration.tfvars | 34 ++--- .../configuration.tfvars | 48 +++---- .../configuration.tfvars | 52 +++---- .../configuration.tfvars | 54 ++++---- .../100-simple-dns_zone/configuration.tfvars | 8 +- .../100-simple-front_door/dns_zone.tfvars | 8 +- .../front_door_waf_policies.tfvars | 1 - .../100-simple-front_door/front_doors.tfvars | 6 +- .../keyvault_certificate_requests.tfvars | 30 ++-- .../centralized/standalone/readme.md | 2 +- .../100-synapse/configuration.tfvars | 14 +- .../configuration.tfvars | 19 ++- .../analytics/databricks_workspace/README.md | 48 +++++++ .../analytics/databricks_workspace/output.tf | 22 +-- .../databricks_workspace/variables.tf | 52 ++++++- .../databricks_workspace/workspace.tf | 4 +- .../compute_instance/variables.tf | 19 ++- modules/analytics/machine_learning/output.tf | 11 +- modules/analytics/machine_learning/readme.md | 51 ++++++- .../analytics/machine_learning/variables.tf | 63 +++++++-- .../analytics/machine_learning/workspace.tf | 1 + modules/analytics/synapse/README.md | 52 +++++++ modules/analytics/synapse/output.tf | 35 ++++- .../analytics/synapse/spark_pool/output.tf | 4 + .../analytics/synapse/spark_pool/variables.tf | 9 +- modules/analytics/synapse/sql_pool/output.tf | 4 + .../analytics/synapse/sql_pool/variables.tf | 9 +- modules/analytics/synapse/variables.tf | 37 ++++- modules/app_insights/README.md | 56 ++++++++ modules/app_insights/output.tf | 13 +- 
modules/app_insights/variables.tf | 37 +++-- modules/automation/README.md | 48 +++++++ modules/automation/output.tf | 19 ++- modules/automation/variables.tf | 34 ++++- modules/azuread/applications/README.md | 50 +++++++ modules/azuread/applications/variables.tf | 4 +- modules/azuread/groups/README.md | 43 ++++++ modules/azuread/groups/main.tf | 0 modules/azuread/groups/output.tf | 17 ++- modules/azuread/groups/variables.tf | 13 +- modules/azuread/groups_members/README.md | 39 ++++++ modules/azuread/roles/README.md | 37 +++++ modules/azuread/users/README.md | 45 ++++++ modules/azuread/users/variables.tf | 8 +- modules/compute/aks/README.md | 61 ++++++++ modules/compute/aks/variables.tf | 9 +- modules/compute/availability_set/README.md | 52 +++++++ modules/compute/availability_set/variables.tf | 18 ++- modules/compute/container_registry/README.md | 55 ++++++++ .../compute/container_registry/variables.tf | 13 +- .../proximity_placement_group/README.md | 47 +++++++ .../proximity_placement_group/variables.tf | 18 ++- modules/compute/virtual_machine/README.md | 64 +++++++++ modules/compute/virtual_machine/variables.tf | 18 ++- modules/compute/virtual_machine/vm_windows.tf | 18 +-- .../virtual_machine_extensions/README.md | 31 +++++ .../virtual_machine_extensions/variables.tf | 4 +- modules/databases/cosmos_db/README.md | 45 ++++++ .../cosmos_db/mongo_database/variables.tf | 14 +- .../cosmos_db/sql_database/variables.tf | 14 +- modules/databases/cosmos_db/variables.tf | 19 ++- .../database_migration_service/README.md | 43 ++++++ .../database_migration_service/variables.tf | 14 +- modules/databases/mariadb_server/README.md | 58 ++++++++ .../databases/mariadb_server/configuration.tf | 2 +- .../databases/mariadb_server/network_rule.tf | 2 +- modules/databases/mariadb_server/server.tf | 6 +- modules/databases/mariadb_server/variables.tf | 19 ++- modules/databases/mssql_database/README.md | 46 ++++++ modules/databases/mssql_database/variables.tf | 9 +- 
.../databases/mssql_elastic_pool/README.md | 46 ++++++ .../databases/mssql_elastic_pool/variables.tf | 19 ++- .../mssql_managed_database/README.md | 49 +++++++ .../mssql_managed_database/variables.tf | 19 ++- .../mssql_managed_instance/README.md | 51 +++++++ .../administrator/variables.tf | 5 +- .../failover_group/variables.tf | 9 +- .../mssql_managed_instance/variables.tf | 19 ++- modules/databases/mssql_server/README.md | 59 ++++++++ .../mssql_server/failover_group/variables.tf | 13 +- modules/databases/mssql_server/variables.tf | 23 ++- modules/databases/mysql_server/README.md | 62 +++++++++ modules/databases/mysql_server/variables.tf | 23 ++- modules/databases/postgresql_server/README.md | 58 ++++++++ .../databases/postgresql_server/variables.tf | 19 ++- modules/diagnostics/README.md | 40 ++++++ modules/diagnostics/output.tf | 4 + modules/documentation/coding_cec.md | 5 - modules/event_hub_namespaces/README.md | 47 +++++++ modules/event_hub_namespaces/output.tf | 15 +- modules/event_hub_namespaces/variables.tf | 13 +- modules/log_analytics/README.md | 48 +++++++ modules/log_analytics/variables.tf | 9 +- modules/log_analytics/workspace.tf | 1 - .../service_health_alerts/README.md | 41 ++++++ .../networking/application_gateway/README.md | 55 ++++++++ .../application_gateway/variable.tf | 23 ++- modules/networking/dns_zone/README.md | 48 +++++++ modules/networking/dns_zone/dns_zone.tf | 4 +- modules/networking/dns_zone/main.tf | 2 +- modules/networking/dns_zone/variables.tf | 19 ++- .../express_route_circuit/README.md | 48 +++++++ .../express_route_circuit/variables.tf | 14 +- .../README.md | 42 ++++++ .../variables.tf | 5 +- modules/networking/firewall/README.md | 53 +++---- .../examples/101-simple firewall/firewall.tf | 82 ----------- .../examples/101-simple firewall/locals.tf | 94 ------------- .../examples/101-simple firewall/output.tf | 3 - modules/networking/firewall/variables.tf | 9 +- .../README.md | 43 ++++++ .../variables.tf | 4 +- 
.../firewall_nat_rule_collections/README.md | 43 ++++++ .../variables.tf | 4 +- .../README.md | 43 ++++++ .../variables.tf | 4 +- modules/networking/front_door/README.md | 52 +++++++ .../front_door/keyvault_permissions.tf | 6 +- modules/networking/front_door/variables.tf | 18 ++- .../front_door_waf_policy/README.md | 45 ++++++ .../front_door_waf_policy/output.tf | 2 +- .../front_door_waf_policy/variables.tf | 14 +- .../front_door_waf_policy/waf_policy.tf | 2 +- .../local_network_gateways/README.md | 43 ++++++ .../local_network_gateways/variables.tf | 19 ++- modules/networking/network_watcher/README.md | 46 ++++++ .../networking/network_watcher/variables.tf | 24 +++- modules/networking/private-dns/README.md | 51 +++++++ modules/networking/private-dns/variables.tf | 13 +- modules/networking/private_endpoint/README.md | 51 +++++++ .../networking/private_endpoint/variables.tf | 9 +- .../private_links/endpoints/README.md | 44 ++++++ .../endpoints/private_endpoint/variables.tf | 13 +- .../endpoints/subnet/variables.tf | 13 +- .../private_links/endpoints/variables.tf | 13 +- .../networking/public_ip_addresses/README.md | 53 +++++++ .../public_ip_addresses/variables.tf | 15 +- modules/networking/route_tables/README.md | 44 ++++++ modules/networking/route_tables/variables.tf | 20 ++- modules/networking/routes/README.md | 45 ++++++ modules/networking/routes/variables.tf | 5 +- modules/networking/virtual_network/README.md | 56 ++++++++ .../virtual_network/nsg/variables.tf | 4 +- .../virtual_network/subnet/variables.tf | 4 +- .../networking/virtual_network/variables.tf | 9 +- .../README.md | 49 +++++++ .../variables.tf | 23 ++- .../virtual_network_gateways/README.md | 47 +++++++ .../virtual_network_gateways/variables.tf | 23 ++- modules/networking/virtual_wan/README.md | 46 ++++++ modules/networking/virtual_wan/variables.tf | 19 ++- modules/recovery_vault/README.md | 55 ++++++++ modules/recovery_vault/outputs.tf | 6 +- modules/recovery_vault/variables.tf | 23 ++- 
modules/redis_cache/README.md | 46 ++++++ modules/redis_cache/variables.tf | 24 +++- modules/resource_group/README.md | 47 +++++++ modules/resource_group/variables.tf | 14 +- modules/roles/custom_roles/README.md | 43 ++++++ modules/roles/custom_roles/variables.tf | 4 +- modules/roles/role_assignment/README.md | 41 ++++++ .../role_assignment/assignment/variables.tf | 4 +- modules/roles/role_assignment/variables.tf | 4 +- .../dynamic_keyvault_secrets/README.md | 38 +++++ .../dynamic_keyvault_secrets/keyvault.tf | 6 +- .../dynamic_keyvault_secrets/secret_purge.tf | 18 +-- modules/security/keyvault/README.md | 53 +++++++ .../keyvault/examples/101-simple/variables.tf | 4 +- .../examples/102-with-networking/variables.tf | 4 +- modules/security/keyvault/variables.tf | 13 +- .../keyvault_access_policies/README.md | 41 ++++++ .../access_policy/access_policy.tf | 2 +- .../keyvault_access_policies/variables.tf | 4 +- .../security/keyvault_certificate/README.md | 41 ++++++ .../keyvault_certificate_issuer/README.md | 51 +++++++ .../keyvault_certificate_issuer/output.tf | 2 +- .../keyvault_certificate_issuer/variables.tf | 19 ++- .../keyvault_certificate_request/README.md | 47 +++++++ .../keyvault_certificate_request/module.tf | 10 +- .../keyvault_certificate_request/output.tf | 12 +- modules/security/managed_identity/README.md | 49 +++++++ .../security/managed_identity/variables.tf | 19 ++- modules/storage_account/README.md | 55 ++++++++ modules/storage_account/variables.tf | 18 ++- modules/subscriptions/README.md | 37 +++++ modules/subscriptions/variables.tf | 4 +- modules/webapps/appservice/README.md | 55 ++++++++ modules/webapps/appservice/variables.tf | 9 +- modules/webapps/ase/README.md | 62 +++++++++ modules/webapps/ase/variables.tf | 9 +- modules/webapps/asp/README.md | 49 +++++++ modules/webapps/asp/variables.tf | 19 ++- mysql_servers.tf | 2 +- 205 files changed, 4711 insertions(+), 719 deletions(-) create mode 100644 documentation/coding_cec.md create mode 100755 
modules/analytics/databricks_workspace/README.md mode change 100644 => 100755 modules/analytics/machine_learning/readme.md create mode 100755 modules/analytics/synapse/README.md create mode 100644 modules/analytics/synapse/spark_pool/output.tf create mode 100644 modules/analytics/synapse/sql_pool/output.tf create mode 100755 modules/app_insights/README.md create mode 100755 modules/automation/README.md create mode 100755 modules/azuread/applications/README.md create mode 100755 modules/azuread/groups/README.md delete mode 100755 modules/azuread/groups/main.tf create mode 100755 modules/azuread/groups_members/README.md create mode 100755 modules/azuread/roles/README.md create mode 100755 modules/azuread/users/README.md create mode 100755 modules/compute/aks/README.md create mode 100755 modules/compute/availability_set/README.md create mode 100755 modules/compute/container_registry/README.md create mode 100755 modules/compute/proximity_placement_group/README.md create mode 100755 modules/compute/virtual_machine/README.md create mode 100755 modules/compute/virtual_machine_extensions/README.md create mode 100755 modules/databases/cosmos_db/README.md create mode 100755 modules/databases/database_migration_service/README.md create mode 100755 modules/databases/mariadb_server/README.md create mode 100755 modules/databases/mssql_database/README.md create mode 100755 modules/databases/mssql_elastic_pool/README.md create mode 100755 modules/databases/mssql_managed_database/README.md create mode 100755 modules/databases/mssql_managed_instance/README.md create mode 100755 modules/databases/mssql_server/README.md create mode 100755 modules/databases/mysql_server/README.md create mode 100755 modules/databases/postgresql_server/README.md create mode 100755 modules/diagnostics/README.md create mode 100644 modules/diagnostics/output.tf delete mode 100644 modules/documentation/coding_cec.md create mode 100755 modules/event_hub_namespaces/README.md create mode 100755 
modules/log_analytics/README.md create mode 100755 modules/monitoring/service_health_alerts/README.md create mode 100755 modules/networking/application_gateway/README.md create mode 100755 modules/networking/dns_zone/README.md create mode 100755 modules/networking/express_route_circuit/README.md create mode 100755 modules/networking/express_route_circuit_authorization/README.md delete mode 100755 modules/networking/firewall/examples/101-simple firewall/firewall.tf delete mode 100755 modules/networking/firewall/examples/101-simple firewall/locals.tf delete mode 100755 modules/networking/firewall/examples/101-simple firewall/output.tf create mode 100755 modules/networking/firewall_application_rule_collections/README.md create mode 100755 modules/networking/firewall_nat_rule_collections/README.md create mode 100755 modules/networking/firewall_network_rule_collections/README.md create mode 100755 modules/networking/front_door/README.md create mode 100755 modules/networking/front_door_waf_policy/README.md create mode 100755 modules/networking/local_network_gateways/README.md create mode 100755 modules/networking/network_watcher/README.md create mode 100755 modules/networking/private-dns/README.md create mode 100755 modules/networking/private_endpoint/README.md create mode 100755 modules/networking/private_links/endpoints/README.md create mode 100755 modules/networking/public_ip_addresses/README.md create mode 100755 modules/networking/route_tables/README.md create mode 100755 modules/networking/routes/README.md create mode 100755 modules/networking/virtual_network/README.md create mode 100755 modules/networking/virtual_network_gateway_connections/README.md create mode 100755 modules/networking/virtual_network_gateways/README.md create mode 100755 modules/networking/virtual_wan/README.md create mode 100755 modules/recovery_vault/README.md create mode 100755 modules/redis_cache/README.md create mode 100755 modules/resource_group/README.md create mode 100755 
modules/roles/custom_roles/README.md create mode 100755 modules/roles/role_assignment/README.md create mode 100755 modules/security/dynamic_keyvault_secrets/README.md create mode 100755 modules/security/keyvault/README.md create mode 100755 modules/security/keyvault_access_policies/README.md create mode 100755 modules/security/keyvault_certificate/README.md create mode 100755 modules/security/keyvault_certificate_issuer/README.md create mode 100755 modules/security/keyvault_certificate_request/README.md create mode 100755 modules/security/managed_identity/README.md create mode 100755 modules/storage_account/README.md create mode 100755 modules/subscriptions/README.md create mode 100755 modules/webapps/appservice/README.md create mode 100755 modules/webapps/ase/README.md create mode 100755 modules/webapps/asp/README.md diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 36a0090848..b4df8adf3f 100755 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,14 +2,16 @@ # See http://pre-commit.com/hooks.html for more hooks repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.44.0 + rev: v1.45.0 hooks: - id: terraform_fmt - # - id: terraform_docs + - id: terraform_docs # - id: terraform_tflint + # - id: terraform_validate # - id: terraform_tfsec + # - id: checkov - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.3.0 + rev: v3.4.0 hooks: - id: check-merge-conflict - id: trailing-whitespace diff --git a/UPGRADE.md b/UPGRADE.md index eeaf0b42a2..02ed393eac 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -13,7 +13,7 @@ var.virtual_machines//virtual_machine_settings/windows/ Example of the updated sturcture /examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars -Replace +Replace ```hcl admin_user_key = "vm-win-admin-username" ``` diff --git a/documentation/coding_cec.md b/documentation/coding_cec.md new file mode 100644 index 0000000000..8c32e1e5e9 --- /dev/null 
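Review bot: Both `repo:` entries in the `.pre-commit-config.yaml` hunk are still fetched over `git://`, which gives no transport encryption or server authentication, and each `rev:` bumped here is a tag that upstream can move, so the hooks that run on every contributor's machine are not integrity-pinned. While the revs are being touched I would change the two lines to `- repo: https://github.com/antonbabenko/pre-commit-terraform` and `- repo: https://github.com/pre-commit/pre-commit-hooks`, and consider pinning each `rev:` to a full commit SHA. Separately, `terraform_validate` and `checkov` are added only as commented-out entries next to the already disabled `terraform_tfsec`, so no security scanner runs at pre-commit time; a one-line comment saying whether they run in CI instead would help.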
+++ b/documentation/coding_cec.md @@ -0,0 +1,3 @@ +# Common Engineering Criteria for landing zones module + +## Module diff --git a/examples/README.md b/examples/README.md index e83e1387c5..5404bd6124 100755 --- a/examples/README.md +++ b/examples/README.md @@ -35,6 +35,10 @@ rover -lz /tf/caf/examples \ -a plan|apply ``` +## Deploying examples with Terraform + +Each module can be deployed outside of the rover using native Terraform, please refer to the instructions within each example directory, whenver you have a /standalone subdirectory. + ## Developing and testing module for landing zones 
@@ -67,4 +71,129 @@ module "networking" { source = "../../.." ``` -You should now be able to run landing zones as usual, except it will source the module locally, so you can test the features you introduced in the module. \ No newline at end of file +You should now be able to run landing zones as usual, except it will source the module locally, so you can test the features you introduced in the module. + +## Using the examples + +You can customize the examples execution by modifying the variables as follow: + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | +| azuread | ~> 1.0.0 | +| azurecaf | ~> 1.1.0 | +| azurerm | ~> 2.40.0 | +| external | ~> 1.2.0 | +| null | ~> 2.1.0 | +| random | ~> 2.2.1 | +| time | ~> 0.6.0 | +| tls | ~> 2.2.0 | + +## Providers + +| Name | Version | +|------|---------| +| terraform | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| aks\_clusters | n/a | `map` | `{}` | no | +| app\_service\_environments | n/a | `map` | `{}` | no | +| app\_service\_plans | n/a | `map` | `{}` | no | +| app\_services | n/a | `map` | `{}` | no | +| application\_gateway\_applications | n/a | `map` | `{}` | no | +| application\_gateways | n/a | `map` | `{}` | no | +| availability\_sets | n/a | `map` | `{}` | no | +| azuread\_groups | n/a | `map` | `{}` | no | +| azuread\_roles | n/a | `map` | `{}` | no | +| azurerm\_application\_insights | n/a | `map` | `{}` | no | +| azurerm\_redis\_caches | n/a | `map` | `{}` | no | +| azurerm\_routes | n/a | `map` | `{}` | no | +| bastion\_hosts | n/a | `map` | `{}` | no | +| cosmos\_db | n/a | `map` | `{}` | no | +| cosmos\_dbs | n/a | `map` | `{}` | no | +| databricks\_workspaces | n/a | `map` | `{}` | no | +| diagnostic\_event\_hub\_namespaces | n/a | `map` | `{}` | no | +| diagnostic\_log\_analytics | n/a | `map` | `{}` | no | +| diagnostic\_storage\_accounts | n/a | `map` | `{}` | no | +| 
diagnostics\_definition | n/a | `any` | `null` | no | +| diagnostics\_destinations | n/a | `map` | `{}` | no | +| dns\_zones | n/a | `map` | `{}` | no | +| dynamic\_keyvault\_secrets | n/a | `map` | `{}` | no | +| environment | n/a | `string` | `"sandpit"` | no | +| event\_hub\_namespaces | n/a | `map` | `{}` | no | +| express\_route\_circuit\_authorizations | n/a | `map` | `{}` | no | +| express\_route\_circuits | n/a | `map` | `{}` | no | +| front\_door\_waf\_policies | n/a | `map` | `{}` | no | +| front\_doors | n/a | `map` | `{}` | no | +| global\_settings | n/a | `map` |
{
"default_region": "region1",
"regions": {
"region1": "southeastasia",
"region2": "eastasia"
}
}
| no | +| keyvault\_access\_policies | n/a | `map` | `{}` | no | +| keyvault\_certificate\_issuers | n/a | `map` | `{}` | no | +| keyvault\_certificate\_requests | n/a | `map` | `{}` | no | +| keyvaults | n/a | `map` | `{}` | no | +| landingzone | n/a | `map` |
{
"backend_type": "azurerm",
"global_settings_key": "launchpad",
"key": "examples",
"level": "level0",
"tfstates": {
"launchpad": {
"level": "lower",
"tfstate": "caf_launchpad.tfstate"
}
}
}
| no | +| local\_network\_gateways | n/a | `map` | `{}` | no | +| log\_analytics | n/a | `map` | `{}` | no | +| logged\_aad\_app\_objectId | n/a | `any` | `null` | no | +| logged\_user\_objectId | n/a | `any` | `null` | no | +| lower\_container\_name | n/a | `any` | n/a | yes | +| lower\_resource\_group\_name | n/a | `any` | n/a | yes | +| lower\_storage\_account\_name | Map of the remote data state for lower level | `any` | n/a | yes | +| machine\_learning\_workspaces | n/a | `map` | `{}` | no | +| managed\_identities | n/a | `map` | `{}` | no | +| mariadb\_databases | n/a | `map` | `{}` | no | +| mariadb\_servers | n/a | `map` | `{}` | no | +| monitoring | n/a | `map` | `{}` | no | +| mssql\_databases | n/a | `map` | `{}` | no | +| mssql\_elastic\_pools | n/a | `map` | `{}` | no | +| mssql\_failover\_groups | n/a | `map` | `{}` | no | +| mssql\_managed\_databases | n/a | `map` | `{}` | no | +| mssql\_managed\_databases\_restore | n/a | `map` | `{}` | no | +| mssql\_managed\_instances | n/a | `map` | `{}` | no | +| mssql\_managed\_instances\_secondary | n/a | `map` | `{}` | no | +| mssql\_mi\_administrators | n/a | `map` | `{}` | no | +| mssql\_mi\_failover\_groups | n/a | `map` | `{}` | no | +| mssql\_servers | n/a | `map` | `{}` | no | +| mysql\_servers | n/a | `map` | `{}` | no | +| network\_security\_group\_definition | n/a | `any` | `null` | no | +| network\_watchers | n/a | `map` | `{}` | no | +| postgresql\_servers | n/a | `map` | `{}` | no | +| private\_dns | n/a | `map` | `{}` | no | +| private\_endpoints | n/a | `map` | `{}` | no | +| proximity\_placement\_groups | n/a | `map` | `{}` | no | +| public\_ip\_addresses | n/a | `map` | `{}` | no | +| recovery\_vaults | n/a | `map` | `{}` | no | +| resource\_groups | n/a | `any` | `null` | no | +| role\_mapping | n/a | `map` | `{}` | no | +| route\_tables | n/a | `map` | `{}` | no | +| rover\_version | n/a | `any` | `null` | no | +| storage\_accounts | n/a | `map` | `{}` | no | +| synapse\_workspaces | n/a | 
`map` | `{}` | no | +| tags | n/a | `map` | `null` | no | +| tenant\_id | n/a | `any` | n/a | yes | +| tfstate\_container\_name | n/a | `any` | n/a | yes | +| tfstate\_key | n/a | `any` | n/a | yes | +| tfstate\_resource\_group\_name | n/a | `any` | n/a | yes | +| tfstate\_storage\_account\_name | n/a | `any` | n/a | yes | +| tfstate\_subscription\_id | n/a | `any` | n/a | yes | +| var\_folder\_path | n/a | `map` | `{}` | no | +| virtual\_machines | n/a | `map` | `{}` | no | +| virtual\_network\_gateway\_connections | n/a | `map` | `{}` | no | +| virtual\_network\_gateways | n/a | `map` | `{}` | no | +| virtual\_wans | n/a | `map` | `{}` | no | +| vnet\_peerings | n/a | `map` | `{}` | no | +| vnets | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| mssql\_managed\_instances | n/a | +| virtual\_machines | n/a | + + \ No newline at end of file diff --git a/examples/app_insights/100-all-attributes/configuration.tfvars b/examples/app_insights/100-all-attributes/configuration.tfvars index cdf8d1a83a..1ed86c3793 100644 --- a/examples/app_insights/100-all-attributes/configuration.tfvars +++ b/examples/app_insights/100-all-attributes/configuration.tfvars @@ -17,10 +17,10 @@ azurerm_application_insights = { name = "tf-test-appinsights-web" resource_group_key = "rg1" application_type = "web" - daily_data_cap_in_gb = "100" + daily_data_cap_in_gb = 100 daily_data_cap_notifications_disabled = false - retention_in_days = "180" - sampling_percentage = "50" + retention_in_days = 180 + sampling_percentage = 50 disable_ip_masking = true } ios = { diff --git a/examples/compute/availability_set/101-availabilityset-with-proximity-placement-group/configuration.tfvars b/examples/compute/availability_set/101-availabilityset-with-proximity-placement-group/configuration.tfvars index 5fae76cd91..11bc11790e 100644 --- a/examples/compute/availability_set/101-availabilityset-with-proximity-placement-group/configuration.tfvars 
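Review bot: In the app_insights `100-all-attributes` hunk, `disable_ip_masking = true` is kept as the last attribute of the `tf-test-appinsights-web` entry with no explanation, and with that setting Application Insights records real client IP addresses instead of masking them. Because this is the all-attributes example that people copy from, I would add a comment above it such as `# Stores unmasked client IPs; leave false unless required and permitted by your privacy/retention policy`, or set the example value to `false`. The enclosing `azurerm_application_insights` block starts before this hunk and continues after it.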
+++ b/examples/compute/availability_set/101-availabilityset-with-proximity-placement-group/configuration.tfvars @@ -110,7 +110,7 @@ virtual_machines = { virtual_machine_settings = { linux = { availability_set_key = "avset1" - proximity_placement_group_key = "ppg1" + proximity_placement_group_key = "ppg1" name = "example_vm2" size = "Standard_F2" admin_username = "adminuser" diff --git a/examples/compute/virtual_machine/210-vm-bastion-winrm/standalone/main.tf b/examples/compute/virtual_machine/210-vm-bastion-winrm/standalone/main.tf index 6e445f733b..d7afb3a1d2 100644 --- a/examples/compute/virtual_machine/210-vm-bastion-winrm/standalone/main.tf +++ b/examples/compute/virtual_machine/210-vm-bastion-winrm/standalone/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.33.0" + version = "~> 2.40.0" } azuread = { source = "hashicorp/azuread" @@ -30,6 +30,7 @@ terraform { } } required_version = ">= 0.13" + # backend "remote" {} } diff --git a/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars b/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars index 93ee5bb760..032a2022cf 100644 --- a/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars +++ b/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/virtual_machines.tfvars @@ -93,7 +93,7 @@ virtual_machines = { admin_password_key = "vm-win-admin-password" # Value of the nic keys to attach the VM. The first one in the list is the default nic - network_interface_keys = ["nic0","nic1"] + network_interface_keys = ["nic0", "nic1"] zone = "1" diff --git a/examples/cosmos_db/100-simple-cosmos-db-mongo/standalone/readme.md b/examples/cosmos_db/100-simple-cosmos-db-mongo/standalone/readme.md index c732575e19..88d8f18a98 100644 --- a/examples/cosmos_db/100-simple-cosmos-db-mongo/standalone/readme.md 
+++ b/examples/cosmos_db/100-simple-cosmos-db-mongo/standalone/readme.md @@ -3,7 +3,7 @@ You can test this module outside of a landingzone using ```bash terraform init -terraform [plan|apply|destroy] \ +terraform [plan|apply|destroy] \ -var-file ../configuration.tfvars \ -var-file ../keyvaults.tfvars \ -var-file ../nsg_definitions.tfvars \ diff --git a/examples/databricks/100-simple-databricks/configuration.tfvars b/examples/databricks/100-simple-databricks/configuration.tfvars index f49f0256e9..b8675f0e46 100644 --- a/examples/databricks/100-simple-databricks/configuration.tfvars +++ b/examples/databricks/100-simple-databricks/configuration.tfvars @@ -1,5 +1,6 @@ - - +# +# Global settings +# global_settings = { default_region = "region1" regions = { @@ -7,6 +8,9 @@ global_settings = { } } +# +# Resource groups to be created +# resource_groups = { databricks_re1 = { name = "databricks-re1" @@ -14,7 +18,9 @@ resource_groups = { } } - +# +# Databricks workspace settings +# databricks_workspaces = { sales_workspaces = { name = "sales_workspace" @@ -29,25 +35,9 @@ databricks_workspaces = { } } -keyvaults = { - secrets_re1 = { - name = "secrets" - resource_group_key = "databricks_re1" - sku_name = "standard" - - creation_policies = { - logged_in_user = { - # if the key is set to "logged_in_user" add the user running terraform in the keyvault policy - # More examples in /examples/keyvault - secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] - } - logged_in_aad_app = { - secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] - } - } - } -} - +# +# Virtual network for Databricks resources +# vnets = { vnet_region1 = { resource_group_key = "databricks_re1" @@ -76,9 +66,8 @@ vnets = { } } - # -# Definition of the networking security groups +# Definition of the security groups for the virtual subnets # network_security_group_definition = { # This entry is applied to all subnets with no NSG defined 
diff --git a/examples/machine_learning/100-aml/configuration.tfvars b/examples/machine_learning/100-aml/configuration.tfvars index cd1c84079f..0e3aa3d257 100644 --- a/examples/machine_learning/100-aml/configuration.tfvars +++ b/examples/machine_learning/100-aml/configuration.tfvars @@ -1,9 +1,15 @@ +# +# Resource groups to be created +# resource_groups = { dap_azure_ml_re1 = { name = "azure-ml" } } +# +# Machine learning workspace settings +# machine_learning_workspaces = { ml_workspace_re1 = { name = "amlwrkspc" @@ -15,6 +21,9 @@ machine_learning_workspaces = { } } +# +# App insights settings +# azurerm_application_insights = { ml_app_insight = { name = "ml-app-insight" @@ -23,6 +32,9 @@ azurerm_application_insights = { } } +# +# Storage account settings +# storage_accounts = { amlstorage_re1 = { name = "amlwrkspcstg" @@ -34,6 +46,9 @@ storage_accounts = { } } +# +# Key Vault settings +# keyvaults = { aml_secrets = { name = "amlsecrets" diff --git a/examples/machine_learning/101-aml-vnet/configuration.tfvars b/examples/machine_learning/101-aml-vnet/configuration.tfvars index 41cba5965d..4ff2737288 100644 --- a/examples/machine_learning/101-aml-vnet/configuration.tfvars +++ b/examples/machine_learning/101-aml-vnet/configuration.tfvars @@ -1,9 +1,15 @@ +# +# Resource groups to be created +# resource_groups = { dap_azure_ml_re1 = { name = "azure-ml" } } +# +# Machine learning workspace settings +# machine_learning_workspaces = { ml_workspace_re1 = { name = "amlwrkspc" @@ -26,6 +32,9 @@ machine_learning_workspaces = { } } +# +# App insights settings +# azurerm_application_insights = { ml_app_insight = { name = "ml-app-insight" @@ -34,6 +43,9 @@ azurerm_application_insights = { } } +# +# Storage account settings +# storage_accounts = { amlstorage_re1 = { name = "amlwrkspcstg" @@ -45,7 +57,9 @@ storage_accounts = { } } - +# +# Key Vault settings +# keyvaults = { aml_secrets = { name = "amlsecrets" 
@@ -53,4 +67,4 @@ keyvaults = { sku_name = "premium" soft_delete_enabled = true } -} +} \ No newline at end of file diff --git a/examples/mariadb_server/100-simple-mariadb/configuration.tfvars b/examples/mariadb_server/100-simple-mariadb/configuration.tfvars index 78ef4dbb2d..0e3c057dd2 100644 --- a/examples/mariadb_server/100-simple-mariadb/configuration.tfvars +++ b/examples/mariadb_server/100-simple-mariadb/configuration.tfvars @@ -13,26 +13,26 @@ resource_groups = { mariadb_servers = { sales-re1 = { - name = "sales-re1" - region = "region1" - resource_group_key = "mariadb_region1" - version = "10.2" - sku_name = "GP_Gen5_2" - storage_mb = 5120 - administrator_login = "mariadbadmin" -# Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. -# administrator_login_password = "ComplxP@ssw0rd!" + name = "sales-re1" + region = "region1" + resource_group_key = "mariadb_region1" + version = "10.2" + sku_name = "GP_Gen5_2" + storage_mb = 5120 + administrator_login = "mariadbadmin" + # Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. + # administrator_login_password = "ComplxP@ssw0rd!" keyvault_key = "mariadb-re1" public_network_access_enabled = true auto_grow_enabled = true - + tags = { segment = "sales" } - + mariadb_firewall_rules = { mariadb-firewall-rules = { - name = "mariadb-firewallrule" + name = "mariadb-firewallrule" resource_group_name = "mariadb_region1" server_name = "sales-rg1" start_ip_address = "10.0.0.1" @@ -49,7 +49,7 @@ mariadb_servers = { } } - + mariadb_database = { mariadb_database = { name = "mariadb_server_sampledb" @@ -66,7 +66,7 @@ mariadb_servers = { } retention_in_days = 7 } - + # Optional threat_detection_policy = { enabled = true 
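Review bot: The re-indented comment in `sales-re1` (100-simple-mariadb, hunk at -13,26) still carries a ready-to-uncomment literal, `# administrator_login_password = "ComplxP@ssw0rd!"`, a few lines above `public_network_access_enabled = true`, so someone copying the example can easily end up with a known password committed in a tfvars file for a server that has public network access enabled. I would drop the literal and keep only the guidance, e.g. `# administrator_login_password: leave unset so a random password is generated and stored in the Key Vault referenced by keyvault_key`. The same comment is repeated in the 101-vnet-rule-mariadb and 102-private-endpoint-mariadb `configuration.tfvars` hunks. The `mariadb_servers` block starts before this hunk and continues past it.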
@@ -78,9 +78,9 @@ mariadb_servers = { # "Unsafe_Action" ] email_account_admins = false - email_addresses = [] - retention_days = 15 - storage_account_key = "security-re1" + email_addresses = [] + retention_days = 15 + storage_account_key = "security-re1" } } diff --git a/examples/mariadb_server/101-vnet-rule-mariadb/configuration.tfvars b/examples/mariadb_server/101-vnet-rule-mariadb/configuration.tfvars index 7b060f0e1d..ecc0535022 100644 --- a/examples/mariadb_server/101-vnet-rule-mariadb/configuration.tfvars +++ b/examples/mariadb_server/101-vnet-rule-mariadb/configuration.tfvars @@ -13,16 +13,16 @@ resource_groups = { mariadb_servers = { sales-re1 = { - name = "sales-re1" - region = "region1" - resource_group_key = "mariadb_region1" - version = "10.2" -# MariaDB Virtual Network Rules can only be used with SKU Tiers of GeneralPurpose or MemoryOptimized - sku_name = "GP_Gen5_2" - storage_mb = 5120 - administrator_login = "mariadbadmin" -# Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. -# administrator_login_password = "ComplxP@ssw0rd!" + name = "sales-re1" + region = "region1" + resource_group_key = "mariadb_region1" + version = "10.2" + # MariaDB Virtual Network Rules can only be used with SKU Tiers of GeneralPurpose or MemoryOptimized + sku_name = "GP_Gen5_2" + storage_mb = 5120 + administrator_login = "mariadbadmin" + # Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. + # administrator_login_password = "ComplxP@ssw0rd!" keyvault_key = "mariadb-re1" public_network_access_enabled = true auto_grow_enabled = true 
@@ -32,10 +32,10 @@ mariadb_servers = { tags = { segment = "sales" } - + mariadb_firewall_rules = { mariadb-firewall-rules = { - name = "mariadb-firewallrule" + name = "mariadb-firewallrule" resource_group_name = "mariadb_region1" server_name = "sales-rg1" start_ip_address = "10.0.0.1" @@ -54,7 +54,7 @@ mariadb_servers = { mariadb_vnet_rules = { mariadb_vnet_rules = { - name = "mariadb-vnet-rule" + name = "mariadb-vnet-rule" } } @@ -67,14 +67,14 @@ mariadb_servers = { collation = "utf8_general_ci" } } - + extended_auditing_policy = { storage_account = { key = "auditing-re1" } retention_in_days = 7 } - + # Optional threat_detection_policy = { enabled = true @@ -86,9 +86,9 @@ mariadb_servers = { # "Unsafe_Action" ] email_account_admins = false - email_addresses = [] - retention_days = 15 - storage_account_key = "security-re1" + email_addresses = [] + retention_days = 15 + storage_account_key = "security-re1" } } @@ -99,21 +99,21 @@ mariadb_servers = { vnets = { vnet_region1 = { resource_group_key = "mariadb_region1" - + vnet = { name = "mariadb-vnet" address_space = ["10.150.102.0/24"] - + } #specialsubnets = {} subnets = { mariadb_subnet = { - name = "mariadb_subnet" - cidr = ["10.150.102.0/25"] - service_endpoints = ["Microsoft.Sql"] + name = "mariadb_subnet" + cidr = ["10.150.102.0/25"] + service_endpoints = ["Microsoft.Sql"] } } - + } } diff --git a/examples/mariadb_server/102-private-endpoint-mariadb/configuration.tfvars b/examples/mariadb_server/102-private-endpoint-mariadb/configuration.tfvars index 8b2bb456f3..b119bd95dc 100644 --- a/examples/mariadb_server/102-private-endpoint-mariadb/configuration.tfvars +++ b/examples/mariadb_server/102-private-endpoint-mariadb/configuration.tfvars 
@@ -13,25 +13,25 @@ resource_groups = { mariadb_servers = { sales-re1 = { - name = "sales-re1" - region = "region1" - resource_group_key = "mariadb_region1" - version = "10.2" - sku_name = "GP_Gen5_2" - storage_mb = 5120 - administrator_login = "mariadbadmin" -# Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. -# administrator_login_password = "ComplxP@ssw0rd!" + name = "sales-re1" + region = "region1" + resource_group_key = "mariadb_region1" + version = "10.2" + sku_name = "GP_Gen5_2" + storage_mb = 5120 + administrator_login = "mariadbadmin" + # Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. + # administrator_login_password = "ComplxP@ssw0rd!" keyvault_key = "mariadb-re1" public_network_access_enabled = true auto_grow_enabled = true vnet_key = "vnet_region1" subnet_key = "mariadb_subnet" - + tags = { segment = "sales" } - + mariadb_configuration = { mariadb_configuration = { name = "interactive_timeout" @@ -41,7 +41,7 @@ mariadb_servers = { } } - + mariadb_database = { mariadb_database = { name = "mariadb_server_sampledb" @@ -55,16 +55,16 @@ mariadb_servers = { private_endpoints = { # Require enforce_private_link_endpoint_network_policies set to true on the subnet private-link-level4 = { - name = "sales-mariadb-re1" + name = "sales-mariadb-re1" vnet_key = "vnet_region1" subnet_key = "mariadb_subnet" resource_group_key = "mariadb_region1" private_service_connection = { - name = "sales-mariadb-re1" - is_manual_connection = false + name = "sales-mariadb-re1" + is_manual_connection = false enforce_private_link_endpoint_network_policies = "true" - subresource_names = ["mariadbServer"] + subresource_names = ["mariadbServer"] } } } @@ -75,7 +75,7 @@ mariadb_servers = { } retention_in_days = 7 } - + # Optional threat_detection_policy = { enabled = true 
@@ -87,9 +87,9 @@ mariadb_servers = { # "Unsafe_Action" ] email_account_admins = false - email_addresses = [] - retention_days = 15 - storage_account_key = "security-re1" + email_addresses = [] + retention_days = 15 + storage_account_key = "security-re1" } } @@ -100,22 +100,22 @@ mariadb_servers = { vnets = { vnet_region1 = { resource_group_key = "mariadb_region1" - + vnet = { name = "mariadb-vnet" address_space = ["10.150.102.0/24"] - + } #specialsubnets = {} subnets = { mariadb_subnet = { - name = "mariadb_subnet" - cidr = ["10.150.102.0/25"] + name = "mariadb_subnet" + cidr = ["10.150.102.0/25"] enforce_private_link_endpoint_network_policies = "true" - service_endpoints = ["Microsoft.Sql"] + service_endpoints = ["Microsoft.Sql"] } } - + } } diff --git a/examples/mariadb_server/103-private-endpoint-with-fw-rule-mariadb/configuration.tfvars b/examples/mariadb_server/103-private-endpoint-with-fw-rule-mariadb/configuration.tfvars index f2ede6612c..7d33bd4cbf 100644 --- a/examples/mariadb_server/103-private-endpoint-with-fw-rule-mariadb/configuration.tfvars +++ b/examples/mariadb_server/103-private-endpoint-with-fw-rule-mariadb/configuration.tfvars 
@@ -13,28 +13,28 @@ resource_groups = { mariadb_servers = { sales-re1 = { - name = "sales-re1" - region = "region1" - resource_group_key = "mariadb_region1" - version = "10.2" - sku_name = "GP_Gen5_2" - storage_mb = 5120 - administrator_login = "mariadbadmin" -# Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. -# administrator_login_password = "ComplxP@ssw0rd!" + name = "sales-re1" + region = "region1" + resource_group_key = "mariadb_region1" + version = "10.2" + sku_name = "GP_Gen5_2" + storage_mb = 5120 + administrator_login = "mariadbadmin" + # Below password argument is used to set the DB password. If not passed, there will be a random password generated and stored in azure keyvault. + # administrator_login_password = "ComplxP@ssw0rd!" keyvault_key = "mariadb-re1" public_network_access_enabled = true auto_grow_enabled = true vnet_key = "vnet_region1" subnet_key = "mariadb_subnet" - + tags = { segment = "sales" } - + mariadb_firewall_rules = { mariadb-firewall-rules = { - name = "mariadb-firewallrule" + name = "mariadb-firewallrule" resource_group_name = "mariadb_region1" server_name = "sales-rg1" start_ip_address = "10.0.0.1" @@ -51,7 +51,7 @@ mariadb_servers = { } } - + mariadb_database = { mariadb_database = { name = "mariadb_server_sampledb" @@ -65,16 +65,16 @@ mariadb_servers = { private_endpoints = { # Require enforce_private_link_endpoint_network_policies set to true on the subnet private-link-level4 = { - name = "sales-mariadb-re1" + name = "sales-mariadb-re1" vnet_key = "vnet_region1" subnet_key = "mariadb_subnet" resource_group_key = "mariadb_region1" private_service_connection = { - name = "sales-mariadb-re1" - is_manual_connection = false + name = "sales-mariadb-re1" + is_manual_connection = false enforce_private_link_endpoint_network_policies = "true" - subresource_names = ["mariadbServer"] + subresource_names = ["mariadbServer"] } } } 
@@ -85,7 +85,7 @@ mariadb_servers = { } retention_in_days = 7 } - + # Optional threat_detection_policy = { enabled = true @@ -97,9 +97,9 @@ mariadb_servers = { # "Unsafe_Action" ] email_account_admins = false - email_addresses = [] - retention_days = 15 - storage_account_key = "security-re1" + email_addresses = [] + retention_days = 15 + storage_account_key = "security-re1" } } @@ -110,22 +110,22 @@ mariadb_servers = { vnets = { vnet_region1 = { resource_group_key = "mariadb_region1" - + vnet = { name = "mariadb-vnet" address_space = ["10.150.102.0/24"] - + } #specialsubnets = {} subnets = { mariadb_subnet = { - name = "mariadb_subnet" - cidr = ["10.150.102.0/25"] + name = "mariadb_subnet" + cidr = ["10.150.102.0/25"] enforce_private_link_endpoint_network_policies = "true" - service_endpoints = ["Microsoft.Sql"] + service_endpoints = ["Microsoft.Sql"] } } - + } } diff --git a/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars b/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars index 6726ae2ac5..70d719e094 100644 --- a/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars +++ b/examples/networking/dns_zones/100-simple-dns_zone/configuration.tfvars @@ -15,9 +15,9 @@ resource_groups = { dns_zones = { dns_zone1 = { - name = "" // Set as empty for CI. this will creation a random_domain_name.com - region = "region1" - resource_group_key = "dns_re1" + name = "" // Set as empty for CI. this will creation a random_domain_name.com + region = "region1" + resource_group_key = "dns_re1" contract = { name_first = "John" @@ -35,4 +35,4 @@ dns_zones = { auto_renew = true } } -} \ No newline at end of file +} \ No newline at end of file diff --git a/examples/networking/front_door/100-simple-front_door/dns_zone.tfvars b/examples/networking/front_door/100-simple-front_door/dns_zone.tfvars index dd24915535..7b6237de96 100644 --- a/examples/networking/front_door/100-simple-front_door/dns_zone.tfvars 
+++ b/examples/networking/front_door/100-simple-front_door/dns_zone.tfvars @@ -1,8 +1,8 @@ dns_zones = { dns_zone1 = { - name = "" // When left empty generate a random domain name. Mainly used in CI - region = "region1" - resource_group_key = "front_door" + name = "" // When left empty generate a random domain name. Mainly used in CI + region = "region1" + resource_group_key = "front_door" contract = { name_first = "John" @@ -20,4 +20,4 @@ dns_zones = { auto_renew = true } } -} \ No newline at end of file +} \ No newline at end of file diff --git a/examples/networking/front_door/100-simple-front_door/front_door_waf_policies.tfvars b/examples/networking/front_door/100-simple-front_door/front_door_waf_policies.tfvars index 77be4e6ceb..3daf3dbe24 100644 --- a/examples/networking/front_door/100-simple-front_door/front_door_waf_policies.tfvars +++ b/examples/networking/front_door/100-simple-front_door/front_door_waf_policies.tfvars @@ -92,4 +92,3 @@ front_door_waf_policies = { } } - \ No newline at end of file diff --git a/examples/networking/front_door/100-simple-front_door/front_doors.tfvars b/examples/networking/front_door/100-simple-front_door/front_doors.tfvars index ef05d0e3b9..da68056b6f 100644 --- a/examples/networking/front_door/100-simple-front_door/front_doors.tfvars +++ b/examples/networking/front_door/100-simple-front_door/front_doors.tfvars 
@@ -100,9 +100,9 @@ front_doors = { custom_https_configuration = { certificate_source = "AzureKeyVault" #If certificate source is AzureKeyVault the below are required: - azure_key_vault_certificate_vault_id = "/subscriptions/fed745fc-818a-4b9f-8338-22368e098c5c/resourceGroups/inos-rg-front-door-rg-guinc/providers/Microsoft.KeyVault/vaults/kv-certsecrets-ccmcj" - azure_key_vault_certificate_secret_name = "test" - azure_key_vault_certificate_secret_version = "b672b38ce10245b8bd3ba75924c80d3d" + azure_key_vault_certificate_vault_id = "/subscriptions/fed745fc-818a-4b9f-8338-22368e098c5c/resourceGroups/inos-rg-front-door-rg-guinc/providers/Microsoft.KeyVault/vaults/kv-certsecrets-ccmcj" + azure_key_vault_certificate_secret_name = "test" + azure_key_vault_certificate_secret_version = "b672b38ce10245b8bd3ba75924c80d3d" # Or if created from CAF module # keyvault_certificate_key = "" } diff --git a/examples/networking/front_door/100-simple-front_door/keyvault_certificate_requests.tfvars b/examples/networking/front_door/100-simple-front_door/keyvault_certificate_requests.tfvars index d470cee8e0..3b46f8c23e 100644 --- a/examples/networking/front_door/100-simple-front_door/keyvault_certificate_requests.tfvars +++ b/examples/networking/front_door/100-simple-front_door/keyvault_certificate_requests.tfvars 
@@ -3,15 +3,15 @@ keyvault_certificate_requests = { name = "crm-application" keyvault_key = "cert_secrets" certificate_policy = { - issuer_key_or_name = "self" - exportable = true - key_size = 4096 // value can be 2048, 3072 or 4096 - key_type = "RSA" - reuse_key = false - renewal_action = "EmailContacts" + issuer_key_or_name = "self" + exportable = true + key_size = 4096 // value can be 2048, 3072 or 4096 + key_type = "RSA" + reuse_key = false + renewal_action = "EmailContacts" lifetime_percentage = 90 # days_before_expiry = 10 - content_type = "application/x-pkcs12" // application/x-pem-file + content_type = "application/x-pkcs12" // application/x-pem-file x509_certificate_properties = { subject = "CN=crm-application" @@ -29,20 +29,20 @@ keyvault_certificate_requests = { name = "sales-application" keyvault_key = "cert_secrets" certificate_policy = { - issuer_key_or_name = "self" - exportable = true - key_size = 4096 // value can be 2048, 3072 or 4096 - key_type = "RSA" - reuse_key = false - renewal_action = "AutoRenew" + issuer_key_or_name = "self" + exportable = true + key_size = 4096 // value can be 2048, 3072 or 4096 + key_type = "RSA" + reuse_key = false + renewal_action = "AutoRenew" lifetime_percentage = 90 # days_before_expiry = 10 - content_type = "application/x-pkcs12" // application/x-pem-file + content_type = "application/x-pkcs12" // application/x-pem-file x509_certificate_properties = { subject = "CN=sales-application" validity_in_months = 1 - key_usage = ["keyCertSign"] + key_usage = ["keyCertSign"] subject_alternative_names = { dns_names = [] emails = [] diff --git a/examples/networking/private_links/endpoints/centralized/standalone/readme.md b/examples/networking/private_links/endpoints/centralized/standalone/readme.md index e108446b4f..e9f0102516 100644 --- a/examples/networking/private_links/endpoints/centralized/standalone/readme.md +++ b/examples/networking/private_links/endpoints/centralized/standalone/readme.md 
@@ -27,5 +27,5 @@ rover \ -var-folder /tf/caf/examples/networking/private_links/endpoints/centralized \ -level level1 \ -a plan - + ``` \ No newline at end of file diff --git a/examples/synapse_analytics/100-synapse/configuration.tfvars b/examples/synapse_analytics/100-synapse/configuration.tfvars index ace0f8119f..eafbbf3ca9 100644 --- a/examples/synapse_analytics/100-synapse/configuration.tfvars +++ b/examples/synapse_analytics/100-synapse/configuration.tfvars @@ -1,10 +1,15 @@ - +# +# Resource groups to be created +# resource_groups = { dap_synapse_re1 = { name = "dap-synapse" } } +# +# Synapse workspace settings +# synapse_workspaces = { synapse_wrkspc_re1 = { name = "synapsewpc" @@ -24,6 +29,9 @@ synapse_workspaces = { } } +# +# Storage account settings +# storage_accounts = { synapsestorage_re1 = { name = "synapsere1" @@ -45,6 +53,9 @@ storage_accounts = { } } +# +# Key Vault settings +# keyvaults = { synapse_secrets = { name = "synapsesecrets" @@ -76,7 +87,6 @@ keyvaults = { # # IAM # - role_mapping = { built_in_role_mapping = { storage_accounts = { diff --git a/examples/synapse_analytics/101-synapse-sparkpool/configuration.tfvars b/examples/synapse_analytics/101-synapse-sparkpool/configuration.tfvars index f900e374ff..4aeeb8d7a9 100644 --- a/examples/synapse_analytics/101-synapse-sparkpool/configuration.tfvars +++ b/examples/synapse_analytics/101-synapse-sparkpool/configuration.tfvars @@ -1,15 +1,15 @@ -# Requires: -# - caf_launchpad scenario 200+ -# - caf_foundations -# - caf_neworking with 200-multi-region-hub -# - 200-basic-ml networking_spoke - +# +# Resource groups to be created +# resource_groups = { dap_synapse_re1 = { name = "dap-synapse" } } +# +# Synapse workspace settings +# synapse_workspaces = { synapse_wrkspc_re1 = { name = "synapsewpc" @@ -55,6 +55,9 @@ synapse_workspaces = { } } +# +# Storage account settings +# storage_accounts = { synapsestorage_re1 = { name = "synapsere1" 
@@ -76,6 +79,9 @@ storage_accounts = { } } +# +# Key Vault settings +# keyvaults = { synapse_secrets = { name = "synapsesecrets" @@ -107,7 +113,6 @@ keyvaults = { # # IAM # - role_mapping = { built_in_role_mapping = { storage_accounts = { diff --git a/modules/analytics/databricks_workspace/README.md b/modules/analytics/databricks_workspace/README.md new file mode 100755 index 0000000000..640e55042e --- /dev/null +++ b/modules/analytics/databricks_workspace/README.md 
@@ -0,0 +1,48 @@ +# Azure Databricks Workspace + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_databricks_workspace" { + source = "aztfmod/caf/azurerm//modules/analytics/databricks_workspace" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | Configuration object for the Databricks workspace. | `any` | n/a | yes | +| vnets | Virtual networks objects - contains all virtual networks that could potentially be used by the module. | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | The ID of the Databricks Workspace in the Azure management plane. | +| managed\_resource\_group\_id | The ID of the Managed Resource Group created by the Databricks Workspace. | +| workspace\_id | The unique identifier of the databricks workspace in Databricks control plane. | +| workspace\_url | The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net' | + + \ No newline at end of file 
diff --git a/modules/analytics/databricks_workspace/output.tf b/modules/analytics/databricks_workspace/output.tf index 64f1237133..6956aab6d7 100644 --- a/modules/analytics/databricks_workspace/output.tf +++ b/modules/analytics/databricks_workspace/output.tf @@ -1,19 +1,23 @@ output id { - value = azurerm_databricks_workspace.ws.id - sensitive = true + description = "The ID of the Databricks Workspace in the Azure management plane." + value = azurerm_databricks_workspace.ws.id + sensitive = true } output managed_resource_group_id { - value = azurerm_databricks_workspace.ws.managed_resource_group_id - sensitive = true + description = "The ID of the Managed Resource Group created by the Databricks Workspace." + value = azurerm_databricks_workspace.ws.managed_resource_group_id + sensitive = true } output workspace_url { - value = azurerm_databricks_workspace.ws.workspace_url - sensitive = true + description = "The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'" + value = azurerm_databricks_workspace.ws.workspace_url + sensitive = true } output workspace_id { - value = azurerm_databricks_workspace.ws.workspace_id - sensitive = true -} + description = "The unique identifier of the databricks workspace in Databricks control plane." + value = azurerm_databricks_workspace.ws.workspace_id + sensitive = true +} \ No newline at end of file diff --git a/modules/analytics/databricks_workspace/variables.tf b/modules/analytics/databricks_workspace/variables.tf index 3b634f308f..a2049b37b4 100644 --- a/modules/analytics/databricks_workspace/variables.tf +++ b/modules/analytics/databricks_workspace/variables.tf 
@@ -1,7 +1,45 @@ -variable settings {} -variable global_settings {} -variable client_config {} -variable location {} -variable resource_group_name {} -variable vnets {} -variable base_tags {} \ No newline at end of file +variable settings { + description = "Configuration object for the Databricks workspace." + # # optional fields supported after TF14 + # type = object({ + # name = string + # resource_group_key = string + # sku = optional(string) + # managed_resource_group_name = optional(string) + # tags = optional(map(string)) + # custom_parameters = object({ + # no_public_ip = bool + # public_subnet_key = string + # private_subnet_key = string + # vnet_key = string + # }) + # }) +} + +variable global_settings { + description = "Global settings object (see module README.md)" +} + +variable client_config { + description = "Client configuration object (see module README.md)." +} + +variable location { + description = "Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} + +variable resource_group_name { + description = "The name of the resource group where to create the resource." + type = string +} + +variable vnets { + description = "Virtual networks objects - contains all virtual networks that could potentially be used by the module." +} + +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} + diff --git a/modules/analytics/databricks_workspace/workspace.tf b/modules/analytics/databricks_workspace/workspace.tf index 57fbefda08..ff87749db6 100644 --- a/modules/analytics/databricks_workspace/workspace.tf +++ b/modules/analytics/databricks_workspace/workspace.tf @@ -1,5 +1,5 @@ # naming convention -resource "azurecaf_name" "wp" { +resource "azurecaf_name" "ws" { name = var.settings.name resource_type = "azurerm_databricks_workspace" prefixes = [var.global_settings.prefix] 
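Review bot: `type = map` on `base_tags` in databricks_workspace/variables.tf is the legacy bare form, which Terraform reads as `map(any)`. The description says the value is a set of tags, so `type = map(string)` would state the contract and reject nested or non-string values at plan time. The same bare `map` is added for `base_tags` in machine_learning/variables.tf and for `tags` in machine_learning/compute_instance/variables.tf, synapse/spark_pool/variables.tf and synapse/sql_pool/variables.tf. `settings`, `global_settings`, `client_config` and `vnets` gain a description but no type, so they still accept any value; the commented-out `object({...})` sketch under `settings` is the only record of the expected shape.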
@@ -11,7 +11,7 @@ resource "azurecaf_name" "wp" { # Databricks workspace resource "azurerm_databricks_workspace" "ws" { - name = azurecaf_name.wp.result + name = azurecaf_name.ws.result resource_group_name = var.resource_group_name location = var.location sku = try(var.settings.sku, "standard") diff --git a/modules/analytics/machine_learning/compute_instance/variables.tf b/modules/analytics/machine_learning/compute_instance/variables.tf index 47a4dc0761..f15dfd6e9c 100644 --- a/modules/analytics/machine_learning/compute_instance/variables.tf +++ b/modules/analytics/machine_learning/compute_instance/variables.tf @@ -1,7 +1,18 @@ variable settings {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable machine_learning_workspace_name {} variable subnet_id {} -variable resource_group_name {} -variable location {} -variable tags {} \ No newline at end of file +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} +variable tags { + description = "(Required) Map of tags to be applied to the resource" + type = map +} \ No newline at end of file diff --git a/modules/analytics/machine_learning/output.tf b/modules/analytics/machine_learning/output.tf index 64ca57a529..709f2acca1 100644 --- a/modules/analytics/machine_learning/output.tf +++ b/modules/analytics/machine_learning/output.tf 
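Review bot: In machine_learning/compute_instance/variables.tf, `settings`, `machine_learning_workspace_name` and `subnet_id` stay as bare `variable x {}` while their neighbours gain a description and a type, so the generated input table will likely show them without a description. The two scalar inputs can take the same treatment as `resource_group_name`, for example `description = "The name of the machine learning workspace hosting the compute instance."` with `type = string` (wording to be confirmed against the resource that consumes it). `settings` and `synapse_workspace_id` are left bare in the same way in synapse/spark_pool/variables.tf and synapse/sql_pool/variables.tf. The "(Required)" prefix is also used here but not in databricks_workspace/variables.tf for the same variables; picking one form keeps the generated READMEs uniform.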
@@ -1,4 +1,11 @@ output id { - value = azurerm_machine_learning_workspace.ws.id - sensitive = true + description = "The ID of the Machine Learning Workspace." + value = azurerm_machine_learning_workspace.ws.id + sensitive = true } + +output identity { + description = "An identity block exports the following: - principal_id: The (Client) ID of the Service Principal, -tenant_id: The ID of the Tenant the Service Principal is assigned in." + value = azurerm_machine_learning_workspace.ws.identity + sensitive = true +} \ No newline at end of file diff --git a/modules/analytics/machine_learning/readme.md b/modules/analytics/machine_learning/readme.md old mode 100644 new mode 100755 index 37342a03c3..7a6b952c5a --- a/modules/analytics/machine_learning/readme.md +++ b/modules/analytics/machine_learning/readme.md @@ -1,3 +1,16 @@ +# Azure Machine learning workspace + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_machine_learning" { + source = "aztfmod/caf/azurerm//modules/analytics/machine_learning" + version = "4.21.2" + # insert the 10 required variables here +} +``` *** Location Allowed Values *** ``` "australiaeast", 
@@ -104,4 +117,40 @@ "Standard_NV12s_v3", "Standard_NV24s_v3", "Standard_NV48s_v3" -``` \ No newline at end of file +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| application\_insights\_id | The ID of the App Insights to be used by the nachine learning workspace. | `string` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | The ID of the Key Vault to be used by the machine learning workspace. | `string` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | Configuration object for the machine learning workspace. | `any` | n/a | yes | +| storage\_account\_id | The ID of the Storage Account to be used by the nachine learning workspace. | `string` | n/a | yes | +| vnets | Virtual networks objects - contains all virtual networks that could potentially be used by the module. | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | The ID of the Machine Learning Workspace. | +| identity | An identity block exports the following: - principal\_id: The (Client) ID of the Service Principal, -tenant\_id: The ID of the Tenant the Service Principal is assigned in. | + + \ No newline at end of file 
diff --git a/modules/analytics/machine_learning/variables.tf b/modules/analytics/machine_learning/variables.tf
index 97dd222d6f..cd0d843323 100644
--- a/modules/analytics/machine_learning/variables.tf
+++ b/modules/analytics/machine_learning/variables.tf
@@ -1,12 +1,55 @@ -variable settings {} -variable client_config {} -variable global_settings {} -variable location {} -variable resource_group_name {} -variable keyvault_id {} -variable storage_account_id {} -variable application_insights_id {} -variable base_tags {} -variable vnets {} +variable settings { + description = "Configuration object for the machine learning workspace." + # # optional fields supported after TF14 + # type = object({ + # name = string + # resource_group_key = string + # application_insights_id = string + # key_vault_id = (string) + # storage_account_id = (string) + # tags = optional(map(string)) + # sku_name = string + # #identity {} + # }) +} +variable client_config { + description = "Client configuration object (see module README.md)." +} +variable global_settings { + description = "Global settings object (see module README.md)" +} + +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} + +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} + +variable keyvault_id { + description = "The ID of the Key Vault to be used by the machine learning workspace." + type = string +} + +variable storage_account_id { + description = "The ID of the Storage Account to be used by the nachine learning workspace." + type = string +} +variable application_insights_id { + description = "The ID of the App Insights to be used by the nachine learning workspace." + type = string +} + +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} + +variable vnets { + description = "Virtual networks objects - contains all virtual networks that could potentially be used by the module." +} \ No newline at end of file 
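Review bot: The descriptions of `storage_account_id` and `application_insights_id` in machine_learning/variables.tf both read "nachine learning workspace", and the typo is copied into the Inputs table of machine_learning/readme.md in this same commit. Correct the source strings to `"The ID of the Storage Account to be used by the machine learning workspace."` and `"The ID of the App Insights to be used by the machine learning workspace."`, then regenerate the README. The commented-out type sketch under `settings` writes `key_vault_id = (string)` and `storage_account_id = (string)`, which would not parse if uncommented. It also spells the key `key_vault_id` while the module variable is `keyvault_id`, so it should be aligned before anyone relies on it.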
diff --git a/modules/analytics/machine_learning/workspace.tf b/modules/analytics/machine_learning/workspace.tf index 8a07008694..f0028e8ce3 100644 --- a/modules/analytics/machine_learning/workspace.tf +++ b/modules/analytics/machine_learning/workspace.tf @@ -21,6 +21,7 @@ resource "azurerm_machine_learning_workspace" "ws" { sku_name = try(var.settings.sku_name, "basic") identity { + #Hardcoded as the only supported value is SystemAssigned as per azurerm 2.40 type = "SystemAssigned" } } diff --git a/modules/analytics/synapse/README.md b/modules/analytics/synapse/README.md new file mode 100755 index 0000000000..9d787ec43b --- /dev/null +++ b/modules/analytics/synapse/README.md 
@@ -0,0 +1,52 @@ +# Azure Synapse Workspace + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_synapse" { + source = "aztfmod/caf/azurerm//modules/analytics/synapse" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | The ID of the Key Vault to be used by the Synapse workspace. | `string` | `null` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | Configuration object for the Synapse workspace. | `any` | n/a | yes | +| storage\_data\_lake\_gen2\_filesystem\_id | The ID of the Datalake filesystem to be used by Synapse. | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| connectivity\_endpoints | A list of Connectivity endpoints for this Synapse Workspace. | +| id | The ID of the Synapse Workspace. | +| identity | An identity block which contains the Managed Service Identity information for this Synapse Workspace. - type - The Identity Type for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. 
principal\_id - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. tenant\_id - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. | +| managed\_resource\_group\_name | Workspace managed resource group. | +| rbac\_id | n/a | +| spark\_pool | Spark pool object | +| sql\_pool | SQL pool object | + + \ No newline at end of file diff --git a/modules/analytics/synapse/output.tf b/modules/analytics/synapse/output.tf index f0345b29b0..fba79cb566 100644 --- a/modules/analytics/synapse/output.tf +++ b/modules/analytics/synapse/output.tf 
@@ -1,7 +1,36 @@ output id { - value = azurerm_synapse_workspace.ws.id + description = "The ID of the Synapse Workspace." + value = azurerm_synapse_workspace.ws.id } -output rbac_id { - value = azurerm_synapse_workspace.ws.identity[0].principal_id +output connectivity_endpoints { + description = "A list of Connectivity endpoints for this Synapse Workspace." + value = azurerm_synapse_workspace.ws.connectivity_endpoints + sensitive = true +} + +output managed_resource_group_name { + description = "Workspace managed resource group." + value = azurerm_synapse_workspace.ws.managed_resource_group_name } + +output identity { + description = "An identity block which contains the Managed Service Identity information for this Synapse Workspace. - type - The Identity Type for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. principal_id - The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. tenant_id - The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace." + value = azurerm_synapse_workspace.ws.identity + sensitive = true +} + +output spark_pool { + description = "Spark pool object" + value = module.spark_pool +} + +output sql_pool { + description = "SQL pool object" + value = module.sql_pool +} + +output rbac_id { + value = azurerm_synapse_workspace.ws.identity[0].principal_id + sensitive = true +} \ No newline at end of file diff --git a/modules/analytics/synapse/spark_pool/output.tf b/modules/analytics/synapse/spark_pool/output.tf new file mode 100644 index 0000000000..7845e02eb6 --- /dev/null +++ b/modules/analytics/synapse/spark_pool/output.tf @@ -0,0 +1,4 @@ +output id { + description = "The ID of the Synapse Spark Pool." + value = azurerm_synapse_spark_pool.spark_pool.id +} \ No newline at end of file 
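Review bot: `rbac_id` in modules/analytics/synapse/output.tf is the only output in this hunk left without a `description`, so the generated README lists it as `n/a`. The groups module in this same patch documents the equivalent output, and the same wording fits here: `description = "This attribute is used to set the role assignment."`. Because `rbac_id`, `identity` and `connectivity_endpoints` are now `sensitive = true`, a root module that re-exports them will need to mark its own output sensitive on Terraform 0.14 and later. The callers are not part of this hunk, so that is worth checking before merge.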
diff --git a/modules/analytics/synapse/spark_pool/variables.tf b/modules/analytics/synapse/spark_pool/variables.tf index e2779828bb..f2c2a3cdbf 100644 --- a/modules/analytics/synapse/spark_pool/variables.tf +++ b/modules/analytics/synapse/spark_pool/variables.tf @@ -1,4 +1,9 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} variable synapse_workspace_id {} -variable tags {} +variable tags { + description = "(Required) Map of tags to be applied to the resource" + type = map +} diff --git a/modules/analytics/synapse/sql_pool/output.tf b/modules/analytics/synapse/sql_pool/output.tf new file mode 100644 index 0000000000..82ac2b079e --- /dev/null +++ b/modules/analytics/synapse/sql_pool/output.tf @@ -0,0 +1,4 @@ +output id { + description = "The ID of the Synapse Spark Pool." + value = azurerm_synapse_sql_pool.sql_pool.id +} \ No newline at end of file diff --git a/modules/analytics/synapse/sql_pool/variables.tf b/modules/analytics/synapse/sql_pool/variables.tf index fb7ba1349b..2765fd6f1d 100644 --- a/modules/analytics/synapse/sql_pool/variables.tf +++ b/modules/analytics/synapse/sql_pool/variables.tf @@ -1,5 +1,10 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} variable synapse_workspace_id {} -variable tags {} +variable tags { + description = "(Required) Map of tags to be applied to the resource" + type = map +} diff --git a/modules/analytics/synapse/variables.tf b/modules/analytics/synapse/variables.tf index 4cf274eba6..4d4921fa3c 100644 --- a/modules/analytics/synapse/variables.tf +++ b/modules/analytics/synapse/variables.tf 
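Review bot: `type = map` on `tags` in spark_pool/variables.tf is the legacy unconstrained form, equivalent to `map(any)`, so it says nothing about what the values may be. If tag values are always strings, `type = map(string)` states that and rejects nested objects at plan time. The same applies to the `tags` and `base_tags` variables typed in the sql_pool, synapse, app_insights, automation, aks and availability_set hunks later in this patch. `settings` and `synapse_workspace_id` in this file are still declared without a description or type.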
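Review bot: The new `id` output in modules/analytics/synapse/sql_pool/output.tf has a description copied from the Spark pool module. It reads "The ID of the Synapse Spark Pool." while the value is `azurerm_synapse_sql_pool.sql_pool.id`. Change it to `description = "The ID of the Synapse SQL Pool."` so the generated documentation does not point readers at the wrong resource.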
@@ -1,9 +1,32 @@ -variable settings {} -variable global_settings {} -variable storage_data_lake_gen2_filesystem_id {} -variable location {} -variable resource_group_name {} +variable settings { + description = "Configuration object for the Synapse workspace." +} + +variable global_settings { + description = "Global settings object (see module README.md)" +} + +variable storage_data_lake_gen2_filesystem_id { + description = "The ID of the Datalake filesystem to be used by Synapse." +} + +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} + +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} + variable keyvault_id { - default = null + description = "The ID of the Key Vault to be used by the Synapse workspace." + type = string + default = null } -variable base_tags {} \ No newline at end of file + +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/app_insights/README.md b/modules/app_insights/README.md new file mode 100755 index 0000000000..68c45ea282 --- /dev/null +++ b/modules/app_insights/README.md 
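Review bot: `storage_data_lake_gen2_filesystem_id` is described as an ID but gets no `type`, so the README lists it as `any`, unlike `keyvault_id` a few lines below, which is `type = string`. Adding `type = string` would reject an object or list passed by mistake at plan time instead of failing inside the provider. This assumes the value is passed straight to the workspace resource, which is not visible in this hunk. `settings` and `global_settings` are also left untyped, which is understandable for free-form objects but worth a comment saying so.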
@@ -0,0 +1,56 @@ +# Azure Application Insights + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_app_insights" { + source = "aztfmod/caf/azurerm//modules/app_insights" + version = "4.21.2" + # insert the 9 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| application\_type | (Required) Specifies the type of Application Insights to create. Valid values are ios for iOS, java for Java web, MobileCenter for App Center, Node.JS for Node.js, other for General, phone for Windows Phone, store for Windows Store and web for ASP.NET. Please note these values are case sensitive; unmatched values are treated as ASP.NET by Azure. Changing this forces a new resource to be created. | `string` | `"other"` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| daily\_data\_cap\_in\_gb | (Optional) Specifies the Application Insights component daily data volume cap in GB. | `number` | `null` | no | +| daily\_data\_cap\_notifications\_disabled | (Optional) Specifies if a notification email will be send when the daily data volume cap is met. (set to false to enable) | `bool` | `true` | no | +| disable\_ip\_masking | (Optional) By default the real client ip is masked as 0.0.0.0 in the logs. Use this argument to disable masking and log the real client ip. Defaults to false. | `bool` | `false` | no | +| global\_settings | Global settings object when the resource is deploye in landing zones context. 
| `any` | `null` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| name | (Required) Specifies the name of the Application Insights component. Changing this forces a new resource to be created. | `string` | n/a | yes | +| prefix | You can use a prefix to add to the list of resource groups you want to create | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| retention\_in\_days | (Optional) Specifies the retention period in days. Possible values are 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90. | `number` | `90` | no | +| sampling\_percentage | (Optional) Specifies the percentage of the data produced by the monitored application that is sampled for Application Insights telemetry. | `number` | `null` | no | +| tags | (Required) Map of tags to be applied to the resource | `map` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| app\_id | The App ID associated with this Application Insights component. | +| connection\_string | The Connection String for this Application Insights component. (Sensitive) | +| id | The ID of the Application Insights component. | +| instrumentation\_key | The Instrumentation Key for this Application Insights component. | + + \ No newline at end of file diff --git a/modules/app_insights/output.tf b/modules/app_insights/output.tf index 0543a146da..04d0e27b99 100644 --- a/modules/app_insights/output.tf +++ b/modules/app_insights/output.tf 
@@ -1,15 +1,20 @@ output id { - value = azurerm_application_insights.appinsights.id + description = "The ID of the Application Insights component." + value = azurerm_application_insights.appinsights.id } output app_id { - value = azurerm_application_insights.appinsights.app_id + description = "The App ID associated with this Application Insights component." + value = azurerm_application_insights.appinsights.app_id } output instrumentation_key { - value = azurerm_application_insights.appinsights.instrumentation_key + description = "The Instrumentation Key for this Application Insights component." + value = azurerm_application_insights.appinsights.instrumentation_key } output connection_string { - value = azurerm_application_insights.appinsights.connection_string + description = "The Connection String for this Application Insights component. (Sensitive)" + sensitive = true + value = azurerm_application_insights.appinsights.connection_string } \ No newline at end of file diff --git a/modules/app_insights/variables.tf b/modules/app_insights/variables.tf index 43f2fc6c86..f4cbee5b9f 100644 --- a/modules/app_insights/variables.tf +++ b/modules/app_insights/variables.tf 
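Review bot: `instrumentation_key` is exported without `sensitive = true`, while `connection_string` directly below it is marked sensitive. The connection string embeds the instrumentation key, so the two outputs should be treated alike. As written, the key is printed in plain text by `terraform apply` and `terraform output` and will end up in CI logs. Add `sensitive = true` to the `instrumentation_key` output and append "(Sensitive)" to its description to match its neighbour. The state file holds the value either way, so the state backend still needs restricted access.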
@@ -1,22 +1,26 @@ - variable prefix { - description = "(Optional) You can use a prefix to add to the list of resource groups you want to create" + description = "You can use a prefix to add to the list of resource groups you want to create" + type = string } variable tags { - description = "(Required) map of tags for the deployment" + description = "(Required) Map of tags to be applied to the resource" + type = map } variable name { description = "(Required) Specifies the name of the Application Insights component. Changing this forces a new resource to be created." + type = string } variable resource_group_name { - description = "(Required) The name of the resource group in which to create the Application Insights component." + description = "(Required) The name of the resource group where to create the resource." + type = string } variable location { - description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created." + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string } variable application_type { 
@@ -32,32 +36,45 @@ variable application_type { variable daily_data_cap_in_gb { description = "(Optional) Specifies the Application Insights component daily data volume cap in GB." default = null + type = number } variable daily_data_cap_notifications_disabled { description = "(Optional) Specifies if a notification email will be send when the daily data volume cap is met. (set to false to enable)" default = true + type = bool } variable retention_in_days { description = "(Optional) Specifies the retention period in days. Possible values are 30, 60, 90, 120, 180, 270, 365, 550 or 730. Defaults to 90." - default = "90" + default = 90 + type = number validation { - condition = contains(["30", "60", "90", "120", "180", "270", "365", "550", "730"], var.retention_in_days) - error_message = "Provide a valid value." + condition = contains([30, 60, 90, 120, 180, 270, 365, 550, 730], var.retention_in_days) + error_message = "Provide a valid value for retention period in days." } } variable sampling_percentage { description = "(Optional) Specifies the percentage of the data produced by the monitored application that is sampled for Application Insights telemetry." default = null + type = number } variable disable_ip_masking { description = "(Optional) By default the real client ip is masked as 0.0.0.0 in the logs. Use this argument to disable masking and log the real client ip. Defaults to false." default = false + type = bool +} + +variable global_settings { + description = "Global settings object when the resource is deploye in landing zones context." + default = null + type = any } -variable global_settings {} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/automation/README.md b/modules/automation/README.md new file mode 100755 index 0000000000..2705396a96 --- /dev/null 
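Review bot: `global_settings` changes from a required variable (`variable global_settings {}`) to an optional one with `default = null`, which is a behaviour change inside a documentation commit. If the module body reads attributes from it, for example `var.global_settings.<attribute>`, a caller who omits it now gets a null-attribute error at plan time rather than a clear missing-argument error. The resource file is not in this hunk, so confirm how it is used. Either keep the variable required or guard each reference, for instance with `try(var.global_settings.<attribute>, null)`. The description also has a typo, `deploye` for `deployed`, which is copied into the README table.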
+++ b/modules/automation/README.md @@ -0,0 +1,48 @@ +# Azure Automation + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_automation" { + source = "aztfmod/caf/azurerm//modules/automation" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | Configuration object for the Automation account. | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| dsc\_primary\_access\_key | The Primary Access Key for the DSC Endpoint associated with this Automation Account. | +| dsc\_secondary\_access\_key | The Secondary Access Key for the DSC Endpoint associated with this Automation Account. | +| dsc\_server\_endpoint | The DSC Server Endpoint associated with this Automation Account. | +| id | The Automation Account ID. | +| name | The Automation Account name. | + + \ No newline at end of file diff --git a/modules/automation/output.tf b/modules/automation/output.tf index b15faf7d2a..517338a8e3 100644 --- a/modules/automation/output.tf +++ b/modules/automation/output.tf 
@@ -1,9 +1,24 @@ output id { - description = "Output the object ID" + description = "The Automation Account ID." value = azurerm_automation_account.auto_account.id } output name { - description = "Output the object name" + description = "The Automation Account name." value = azurerm_automation_account.auto_account.name } + +output dsc_server_endpoint { + description = "The DSC Server Endpoint associated with this Automation Account." + value = azurerm_automation_account.auto_account.dsc_server_endpoint +} + +output dsc_primary_access_key { + description = "The Primary Access Key for the DSC Endpoint associated with this Automation Account." + value = azurerm_automation_account.auto_account.dsc_primary_access_key +} + +output dsc_secondary_access_key { + description = "The Secondary Access Key for the DSC Endpoint associated with this Automation Account." + value = azurerm_automation_account.auto_account.dsc_secondary_access_key +} \ No newline at end of file diff --git a/modules/automation/variables.tf b/modules/automation/variables.tf index 7c7cac68d2..e8490a318f 100644 --- a/modules/automation/variables.tf +++ b/modules/automation/variables.tf 
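Review bot: The new outputs `dsc_primary_access_key` and `dsc_secondary_access_key` export DSC endpoint credentials without `sensitive = true`. Both keys would be printed in plain text in `terraform apply` and `terraform output` and captured in pipeline logs. Add `sensitive = true` to both blocks, as this patch already does for `connection_string` in the app_insights module, and note "(Sensitive)" in the descriptions. A root module that re-exports them has to mark its own outputs sensitive as well, and the state file still contains the keys, so state access needs to be restricted. If no consumer needs the secondary key, consider not exporting it at all.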
@@ -1,6 +1,30 @@ -variable location {} -variable settings {} -variable global_settings {} -variable resource_group_name {} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} + +variable settings { + description = "Configuration object for the Automation account." + # # optional fields supported after TF14 + # type = object({ + # name = string + # resource_group_key = string + # tags = optional(map(string)) + # }) +} + +variable global_settings { + description = "Global settings object (see module README.md)" +} + +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} + variable diagnostics {} -variable base_tags {} \ No newline at end of file + +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/azuread/applications/README.md b/modules/azuread/applications/README.md new file mode 100755 index 0000000000..303ad787ec --- /dev/null +++ b/modules/azuread/applications/README.md 
@@ -0,0 +1,50 @@ +# Azure AD Applications + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_applications" { + source = "aztfmod/caf/azurerm//modules/azuread/applications" + version = "4.21.2" + # insert the 2 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azuread | n/a | +| azurerm | n/a | +| null | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_api\_permissions | n/a | `map` | `{}` | no | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | n/a | `map` | `{}` | no | +| keyvaults | n/a | `map` | `{}` | no | +| settings | n/a | `map` | `{}` | no | +| user\_type | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| azuread\_application | n/a | +| azuread\_service\_principal | n/a | +| keyvaults | n/a | +| rbac\_id | This attribute is used to set the role assignment | +| tenant\_id | n/a | + + \ No newline at end of file diff --git a/modules/azuread/applications/variables.tf b/modules/azuread/applications/variables.tf index beaddee69b..3136df8c8b 100755 --- a/modules/azuread/applications/variables.tf +++ b/modules/azuread/applications/variables.tf @@ -7,7 +7,9 @@ variable settings { variable azuread_api_permissions { default = {} } -variable client_config {} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable user_type {} variable keyvaults { default = {} diff --git a/modules/azuread/groups/README.md b/modules/azuread/groups/README.md new file mode 100755 index 0000000000..83321ea932 --- /dev/null +++ b/modules/azuread/groups/README.md 
@@ -0,0 +1,43 @@ +# Azure AD Groups + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_groups" { + source = "aztfmod/caf/azurerm//modules/azuread/groups" + version = "4.21.2" + # insert the 3 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azuread | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_groups | Set of groups to be created. | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| tenant\_id | The tenant ID of the Azure AD environment where to create the groups. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | The ID of the group created. | +| name | The name of the group created. | +| rbac\_id | This attribute is used to set the role assignment. | +| tenant\_id | The tenand\_id of the group created. | + + \ No newline at end of file diff --git a/modules/azuread/groups/main.tf b/modules/azuread/groups/main.tf deleted file mode 100755 index e69de29bb2..0000000000 diff --git a/modules/azuread/groups/output.tf b/modules/azuread/groups/output.tf index e5a51c96a4..ea8da9a5e3 100755 --- a/modules/azuread/groups/output.tf +++ b/modules/azuread/groups/output.tf 
@@ -1,20 +1,23 @@ output id { - value = azuread_group.group.id - sensitive = true + description = "The ID of the group created." + value = azuread_group.group.id + sensitive = true } output name { - value = azuread_group.group.name - sensitive = true + description = "The name of the group created." + value = azuread_group.group.name + sensitive = true } output tenant_id { - value = var.tenant_id - sensitive = true + description = "The tenand_id of the group created." + value = var.tenant_id + sensitive = true } output rbac_id { + description = "This attribute is used to set the role assignment." value = azuread_group.group.id - description = "This attribute is used to set the role assignment" sensitive = true } diff --git a/modules/azuread/groups/variables.tf b/modules/azuread/groups/variables.tf index ffdf5cd104..b2a6bc85d4 100755 --- a/modules/azuread/groups/variables.tf +++ b/modules/azuread/groups/variables.tf @@ -1,3 +1,10 @@ -variable global_settings {} -variable azuread_groups {} -variable tenant_id {} \ No newline at end of file +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable azuread_groups { + description = "Set of groups to be created." +} +variable tenant_id { + description = "The tenant ID of the Azure AD environment where to create the groups." + type = string +} \ No newline at end of file diff --git a/modules/azuread/groups_members/README.md b/modules/azuread/groups_members/README.md new file mode 100755 index 0000000000..a0a0e68a32 --- /dev/null +++ b/modules/azuread/groups_members/README.md 
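Review bot: The description added to the `tenant_id` output in modules/azuread/groups/output.tf is misspelled as "The tenand_id of the group created.", and the typo is copied into the generated README table. Use `description = "The tenant ID of the group created."`. The value is `var.tenant_id`, so the output echoes the caller's input rather than an attribute read from the group. Wording such as "The tenant ID the group was created in." would describe it more accurately.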
@@ -0,0 +1,39 @@ +# Azure AD Groups members + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_groups_members" { + source = "aztfmod/caf/azurerm//modules/azuread/groups_members" + version = "4.21.2" + # insert the 2 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azuread | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_apps | n/a | `map` | `{}` | no | +| azuread\_groups | n/a | `map` | `{}` | no | +| group\_id | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/azuread/roles/README.md b/modules/azuread/roles/README.md new file mode 100755 index 0000000000..bd1c4ba1a4 --- /dev/null +++ b/modules/azuread/roles/README.md @@ -0,0 +1,37 @@ +# Azure AD Roles + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_roles" { + source = "aztfmod/caf/azurerm//modules/azuread/roles" + version = "4.21.2" + # insert the 2 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| null | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_roles | n/a | `any` | n/a | yes | +| object\_id | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/azuread/users/README.md b/modules/azuread/users/README.md new file mode 100755 index 0000000000..075b3c12e9 --- /dev/null +++ b/modules/azuread/users/README.md 
@@ -0,0 +1,45 @@ +# Azure AD Users + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_users" { + source = "aztfmod/caf/azurerm//modules/azuread/users" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azuread | n/a | +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_users | n/a | `any` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvaults | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| rbac\_id | This attribute is used to set the role assignment | + + \ No newline at end of file diff --git a/modules/azuread/users/variables.tf b/modules/azuread/users/variables.tf index 8f7da86e0b..e56b7140a0 100755 --- a/modules/azuread/users/variables.tf +++ b/modules/azuread/users/variables.tf @@ -1,4 +1,8 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable azuread_users {} variable keyvaults {} \ No newline at end of file diff --git a/modules/compute/aks/README.md b/modules/compute/aks/README.md new file mode 100755 index 0000000000..24d7cfd8cf --- /dev/null +++ b/modules/compute/aks/README.md 
@@ -0,0 +1,61 @@ +# Azure Kubernetes Services + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_aks" { + source = "aztfmod/caf/azurerm//modules/compute/aks" + version = "4.21.2" + # insert the 8 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| null | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| admin\_group\_ids | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostic\_profiles | n/a | `any` | `null` | no | +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_group | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| subnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| aks\_kubeconfig\_admin\_cmd | n/a | +| aks\_kubeconfig\_cmd | n/a | +| cluster\_name | n/a | +| enable\_rbac | n/a | +| id | n/a | +| identity | System assigned identity which is used by master components | +| kube\_admin\_config | n/a | +| kube\_admin\_config\_raw | n/a | +| kube\_config | n/a | +| kubelet\_identity | User-defined Managed Identity assigned to the Kubelets | +| node\_resource\_group | n/a | +| private\_fqdn | n/a | +| rbac\_id | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file diff --git a/modules/compute/aks/variables.tf b/modules/compute/aks/variables.tf index 4d59dacf5e..f0a52401dc 100644 --- a/modules/compute/aks/variables.tf +++ b/modules/compute/aks/variables.tf 
@@ -1,11 +1,16 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable diagnostics {} variable settings {} variable subnets {} variable resource_group {} variable admin_group_ids {} -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable diagnostic_profiles { default = null } \ No newline at end of file diff --git a/modules/compute/availability_set/README.md b/modules/compute/availability_set/README.md new file mode 100755 index 0000000000..0d045886ed --- /dev/null +++ b/modules/compute/availability_set/README.md 
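Review bot: `admin_group_ids` stays a bare `variable admin_group_ids {}` while its neighbours gain descriptions, and it is the input a reader of this module most needs explained. Judging by the name, it carries the Azure AD group object IDs that receive administrative access to the cluster, but the resource file is outside this hunk, so confirm that before wording it. If so, something like `description = "Azure AD group object IDs granted administrative access to the cluster."` would make the privilege grant visible in the README, with `type = list(string)` added if the value is a list. `diagnostics`, `settings`, `subnets` and `resource_group` are also still undocumented.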
@@ -0,0 +1,52 @@ +# Azure Availability Set + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_availability_set" { + source = "aztfmod/caf/azurerm//modules/compute/availability_set" + version = "4.21.2" + # insert the 11 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| availability\_sets | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| ppg\_id | n/a | `any` | n/a | yes | +| proximity\_placement\_groups | n/a | `any` | n/a | yes | +| resource\_group\_name | Name of the existing resource group to deploy the virtual machine | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| tags | n/a | `any` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| name | n/a | + + \ No newline at end of file diff --git a/modules/compute/availability_set/variables.tf b/modules/compute/availability_set/variables.tf index 205670ba83..475b01bdae 100644 --- a/modules/compute/availability_set/variables.tf +++ b/modules/compute/availability_set/variables.tf 
@@ -1,10 +1,20 @@ -variable global_settings {} -variable client_config {} -variable location {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable resource_group_name { description = "Name of the existing resource group to deploy the virtual machine" } -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable settings {} variable availability_sets {} variable tags { diff --git a/modules/compute/container_registry/README.md b/modules/compute/container_registry/README.md new file mode 100755 index 0000000000..2642db0288 --- /dev/null +++ b/modules/compute/container_registry/README.md 
@@ -0,0 +1,55 @@ +# Azure Container Registry + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_container_registry" { + source = "aztfmod/caf/azurerm//modules/compute/container_registry" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| admin\_enabled | (Optional) Specifies whether the admin user is enabled. Defaults to false. | `bool` | `false` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostic\_profiles | n/a | `map` | `{}` | no | +| diagnostics | n/a | `map` | `{}` | no | +| georeplication\_locations | (Optional) A list of Azure locations where the container registry should be geo-replicated. | `any` | `null` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `any` | n/a | yes | +| name | (Required) Specifies the name of the Container Registry. Changing this forces a new resource to be created. | `string` | n/a | yes | +| network\_rule\_set | (Optional) A network\_rule\_set block as documented https://www.terraform.io/docs/providers/azurerm/r/container_registry.html | `map` | `{}` | no | +| private\_endpoints | n/a | `map` | `{}` | no | +| resource\_group\_name | (Required) The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created. 
| `any` | n/a | yes | +| resource\_groups | n/a | `map` | `{}` | no | +| sku | (Optional) The SKU name of the container registry. Possible values are Basic, Standard and Premium. Defaults to Basic | `string` | `"Basic"` | no | +| tags | (Optional) A mapping of tags to assign to the resource. | `map` | `{}` | no | +| vnets | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| login\_server | n/a | + + \ No newline at end of file diff --git a/modules/compute/container_registry/variables.tf b/modules/compute/container_registry/variables.tf index 56189bed64..535e494399 100755 --- a/modules/compute/container_registry/variables.tf +++ b/modules/compute/container_registry/variables.tf @@ -1,5 +1,9 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable name { type = string @@ -60,4 +64,7 @@ variable resource_groups { default = {} } -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/compute/proximity_placement_group/README.md b/modules/compute/proximity_placement_group/README.md new file mode 100755 index 0000000000..5fdc1cb412 --- /dev/null +++ b/modules/compute/proximity_placement_group/README.md 
@@ -0,0 +1,47 @@ +# Azure Proximity Placement Group + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_proximity_placement_group" { + source = "aztfmod/caf/azurerm//modules/compute/proximity_placement_group" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| resource\_group\_name | Name of the existing resource group to deploy the virtual machine | `any` | n/a | yes | +| tags | n/a | `any` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/compute/proximity_placement_group/variables.tf b/modules/compute/proximity_placement_group/variables.tf index 7c06be0076..feec51f13b 100755 --- a/modules/compute/proximity_placement_group/variables.tf +++ b/modules/compute/proximity_placement_group/variables.tf 
@@ -1,10 +1,20 @@
-variable global_settings {}
-variable client_config {}
-variable location {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable client_config {
+ description = "Client configuration object (see module README.md)."
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable resource_group_name {
 description = "Name of the existing resource group to deploy the virtual machine"
 }
-variable base_tags {}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
 variable tags {
 default = null
 }
diff --git a/modules/compute/virtual_machine/README.md b/modules/compute/virtual_machine/README.md
new file mode 100755
index 0000000000..10d62de254
--- /dev/null
+++ b/modules/compute/virtual_machine/README.md
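Review bot: The untouched `resource_group_name` block still reads "Name of the existing resource group to deploy the virtual machine" and has no type, so the generated README for a proximity placement group describes a virtual machine and lists the input as `any` while `location` beside it is now `string`. The wording the database modules in this same commit use would fit here: `description = "(Required) The name of the resource group where to create the resource."` together with `type = string`. The availability_set variables.tf hunk carries the same copied description.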
@@ -0,0 +1,64 @@ +# Azure Virtual Machine + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_virtual_machine" { + source = "aztfmod/caf/azurerm//modules/compute/virtual_machine" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| external | n/a | +| random | n/a | +| tls | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| availability\_sets | n/a | `map` | `{}` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| boot\_diagnostics\_storage\_account | (Optional) The Primary/Secondary Endpoint for the Azure Storage Account (general purpose) which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. | `map` | `{}` | no | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvaults | Keyvault to store the SSH public and private keys when not provided by the var.public\_key\_pem\_file or retrieve admin username and password | `string` | `""` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. 
| `string` | n/a | yes | +| managed\_identities | n/a | `map` | `{}` | no | +| proximity\_placement\_groups | n/a | `map` | `{}` | no | +| public\_ip\_addresses | n/a | `map` | `{}` | no | +| public\_key\_pem\_file | If disable\_password\_authentication is set to true, ssh authentication is enabled. You can provide a list of file path of the public ssh key in PEM format. If left blank a new RSA/4096 key is created and the key is stored in the keyvault\_id. The secret name being the {computer name}-ssh-public and {computer name}-ssh-private | `string` | `""` | no | +| recovery\_vaults | n/a | `map` | `{}` | no | +| resource\_group\_name | Name of the existing resource group to deploy the virtual machine | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| admin\_username | Local admin username | +| id | n/a | +| internal\_fqdns | n/a | +| os\_type | n/a | +| ssh\_keys | n/a | +| winrm | n/a | + + \ No newline at end of file diff --git a/modules/compute/virtual_machine/variables.tf b/modules/compute/virtual_machine/variables.tf index f1ae81ab89..a3befe4304 100755 --- a/modules/compute/virtual_machine/variables.tf +++ b/modules/compute/virtual_machine/variables.tf @@ -1,6 +1,13 @@ -variable global_settings {} -variable client_config {} -variable location {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable resource_group_name { description = "Name of the existing resource group to deploy the virtual machine" 
@@ -45,7 +52,10 @@ variable availability_sets { default = {} } -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable proximity_placement_groups { default = {} diff --git a/modules/compute/virtual_machine/vm_windows.tf b/modules/compute/virtual_machine/vm_windows.tf index 412409439b..91e6ed90fb 100644 --- a/modules/compute/virtual_machine/vm_windows.tf +++ b/modules/compute/virtual_machine/vm_windows.tf 
@@ -196,27 +196,27 @@ locals { # # Use data external to retrieve value from different subscription # -# With for_each it is not possible to change the provider's subscription at runtime so using the following pattern. +# With for_each it is not possible to change the provider's subscription at runtime so using the following pattern. # data external windows_admin_username { - count = try(var.settings.virtual_machine_settings["windows"].admin_username_key, null) == null ? 0 : 1 + count = try(var.settings.virtual_machine_settings["windows"].admin_username_key, null) == null ? 0 : 1 program = [ - "bash", "-c", + "bash", "-c", format( - "az keyvault secret show --name '%s' --vault-name '%s' --query '{value: value }' -o json", - var.settings.virtual_machine_settings["windows"].admin_username_key, + "az keyvault secret show --name '%s' --vault-name '%s' --query '{value: value }' -o json", + var.settings.virtual_machine_settings["windows"].admin_username_key, local.keyvault.name ) ] } data external windows_admin_password { - count = try(var.settings.virtual_machine_settings["windows"].admin_password_key, null) == null ? 0 : 1 + count = try(var.settings.virtual_machine_settings["windows"].admin_password_key, null) == null ? 0 : 1 program = [ - "bash", "-c", + "bash", "-c", format( - "az keyvault secret show -n '%s' --vault-name '%s' --query '{value: value }' -o json", - var.settings.virtual_machine_settings["windows"].admin_password_key, + "az keyvault secret show -n '%s' --vault-name '%s' --query '{value: value }' -o json", + var.settings.virtual_machine_settings["windows"].admin_password_key, local.keyvault.name ) ] diff --git a/modules/compute/virtual_machine_extensions/README.md b/modules/compute/virtual_machine_extensions/README.md new file mode 100755 index 0000000000..0bb9e584d5 --- /dev/null +++ b/modules/compute/virtual_machine_extensions/README.md 
@@ -0,0 +1,31 @@ +# Azure Virtual Machine Extension + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| extension | n/a | `any` | n/a | yes | +| extension\_name | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| virtual\_machine\_id | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/compute/virtual_machine_extensions/variables.tf b/modules/compute/virtual_machine_extensions/variables.tf index 248e6bb724..d5ae328d7f 100644 --- a/modules/compute/virtual_machine_extensions/variables.tf +++ b/modules/compute/virtual_machine_extensions/variables.tf @@ -2,4 +2,6 @@ variable virtual_machine_id {} variable extension {} variable extension_name {} variable settings {} -variable client_config {} \ No newline at end of file +variable client_config { + description = "Client configuration object (see module README.md)." +} \ No newline at end of file diff --git a/modules/databases/cosmos_db/README.md b/modules/databases/cosmos_db/README.md new file mode 100755 index 0000000000..1543f4fd8f --- /dev/null +++ b/modules/databases/cosmos_db/README.md 
@@ -0,0 +1,45 @@ +# Azure Cosmos DB + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_cosmos_db" { + source = "aztfmod/caf/azurerm//modules/databases/cosmos_db" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| cosmos\_account | n/a | +| mongo\_databases | n/a | +| sql\_databases | n/a | + + \ No newline at end of file diff --git a/modules/databases/cosmos_db/mongo_database/variables.tf b/modules/databases/cosmos_db/mongo_database/variables.tf index 10375965e8..4e6bc6dddf 100644 --- a/modules/databases/cosmos_db/mongo_database/variables.tf +++ b/modules/databases/cosmos_db/mongo_database/variables.tf 
@@ -1,5 +1,13 @@
 variable settings {}
-variable global_settings {}
-variable resource_group_name {}
-variable location {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable cosmosdb_account_name {}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/sql_database/variables.tf b/modules/databases/cosmos_db/sql_database/variables.tf
index 10375965e8..4e6bc6dddf 100644
--- a/modules/databases/cosmos_db/sql_database/variables.tf
+++ b/modules/databases/cosmos_db/sql_database/variables.tf
@@ -1,5 +1,13 @@
 variable settings {}
-variable global_settings {}
-variable resource_group_name {}
-variable location {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable cosmosdb_account_name {}
\ No newline at end of file
diff --git a/modules/databases/cosmos_db/variables.tf b/modules/databases/cosmos_db/variables.tf
index 76f502771c..e36d5953ff 100644
--- a/modules/databases/cosmos_db/variables.tf
+++ b/modules/databases/cosmos_db/variables.tf
@@ -1,5 +1,16 @@
-variable global_settings {}
-variable location {}
-variable resource_group_name {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
 variable settings {}
-variable base_tags {}
\ No newline at end of file
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
\ No newline at end of file
diff --git a/modules/databases/database_migration_service/README.md b/modules/databases/database_migration_service/README.md
new file mode 100755
index 0000000000..5f505d6a1e
--- /dev/null
+++ b/modules/databases/database_migration_service/README.md
@@ -0,0 +1,43 @@ +# Azure Database Migration Services + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_cosmos_db" { + source = "aztfmod/caf/azurerm//modules/databases/cosmos_db" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| subnet\_id | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/databases/database_migration_service/variables.tf b/modules/databases/database_migration_service/variables.tf index 0e3bc8df54..d1103151b9 100644 --- a/modules/databases/database_migration_service/variables.tf +++ b/modules/databases/database_migration_service/variables.tf 
@@ -1,6 +1,14 @@
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 variable settings {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable subnet_id {}
 variable resource_groups {}
diff --git a/modules/databases/mariadb_server/README.md b/modules/databases/mariadb_server/README.md
new file mode 100755
index 0000000000..6a972df085
--- /dev/null
+++ b/modules/databases/mariadb_server/README.md
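Review bot: `subnet_id` and `resource_groups` stay as bare `variable ... {}` blocks at the end of this hunk, so the generated input table lists both as `n/a` / `any` next to the newly typed `location` and `resource_group_name`. If `subnet_id` is a single resource ID, which the name suggests but the hunk does not show, it could take `type = string` and a description such as `description = "(Required) ID of the subnet the migration service is attached to."`. The README generated for this module in the same commit also instantiates `module "caf_cosmos_db"` with the `modules/databases/cosmos_db` source; that usage example looks copied from the Cosmos DB module and should point at `database_migration_service` before it is published.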
@@ -0,0 +1,58 @@ +# Azure Maria DB Server + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_maria_db_server" { + source = "aztfmod/caf/azurerm//modules/databases/mariadb_server" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_groups | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostic\_profiles | n/a | `any` | `null` | no | +| diagnostics | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | n/a | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| private\_endpoints | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| storage\_accounts | n/a | `any` | n/a | yes | +| subnet\_id | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| location | n/a | +| name | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file diff --git a/modules/databases/mariadb_server/configuration.tf b/modules/databases/mariadb_server/configuration.tf index 9d29944197..3a21931176 100644 
--- a/modules/databases/mariadb_server/configuration.tf +++ b/modules/databases/mariadb_server/configuration.tf @@ -2,7 +2,7 @@ # resource "azurerm_mariadb_configuration" "mariadb_configuration" { - + for_each = var.settings.mariadb_configuration name = each.value.name diff --git a/modules/databases/mariadb_server/network_rule.tf b/modules/databases/mariadb_server/network_rule.tf index 6f9b91f3bc..5f565f5aa3 100644 --- a/modules/databases/mariadb_server/network_rule.tf +++ b/modules/databases/mariadb_server/network_rule.tf @@ -1,5 +1,5 @@ resource "azurerm_mariadb_virtual_network_rule" "mariadb_vnet_rules" { - for_each = try(var.settings.mariadb_vnet_rules, {}) + for_each = try(var.settings.mariadb_vnet_rules, {}) name = each.value.name resource_group_name = var.resource_group_name server_name = azurerm_mariadb_server.mariadb.name diff --git a/modules/databases/mariadb_server/server.tf b/modules/databases/mariadb_server/server.tf index 17ed13ea8a..7534f74154 100644 --- a/modules/databases/mariadb_server/server.tf +++ b/modules/databases/mariadb_server/server.tf @@ -5,7 +5,7 @@ resource "azurerm_mariadb_server" "mariadb" { administrator_login = var.settings.administrator_login administrator_login_password = try(var.settings.administrator_login_password, azurerm_key_vault_secret.mariadb_admin_password.0.value) - + sku_name = var.settings.sku_name storage_mb = var.settings.storage_mb version = var.settings.version @@ -22,13 +22,13 @@ resource "azurerm_mariadb_server" "mariadb" { # Generate mariadb server random admin password if not provided in the attribute administrator_login_password resource "random_password" "mariadb_admin" { - count = try(var.settings.administrator_login_password, null) == null ? 1 : 0 + count = try(var.settings.administrator_login_password, null) == null ? 1 : 0 length = 32 special = true upper = true number = true override_special = "_%@" - + } # Store the generated password into keyvault 
diff --git a/modules/databases/mariadb_server/variables.tf b/modules/databases/mariadb_server/variables.tf index c107d9d14a..cada665554 100644 --- a/modules/databases/mariadb_server/variables.tf +++ b/modules/databases/mariadb_server/variables.tf @@ -1,7 +1,15 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable keyvault_id {} variable storage_accounts {} variable azuread_groups {} @@ -15,4 +23,7 @@ variable diagnostic_profiles { variable diagnostics { default = {} } -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} diff --git a/modules/databases/mssql_database/README.md b/modules/databases/mssql_database/README.md new file mode 100755 index 0000000000..8b22cf20fb --- /dev/null +++ b/modules/databases/mssql_database/README.md 
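Review bot: `variable settings {}` in the first hunk stays undocumented and untyped although it is the input that can carry `administrator_login_password`: server.tf reads it with `try(var.settings.administrator_login_password, ...)` and otherwise falls back to a generated `random_password` that is stored in Key Vault. A description should state that contract so callers do not put a plaintext password in their tfvars by default, for example `description = "MariaDB server settings. Omit administrator_login_password to have a random password generated and stored in Key Vault."`. `keyvault_id` could likewise get `type = string` and a description saying it is the vault that receives the generated admin password; that role is inferred from the comments in server.tf, since the secret resource itself is not visible here.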
@@ -0,0 +1,46 @@ +# Azure MS SQL Database + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_mssql_database" { + source = "aztfmod/caf/azurerm//modules/databases/mssql_database" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| elastic\_pool\_id | n/a | `any` | `null` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| server\_id | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| storage\_accounts | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/databases/mssql_database/variables.tf b/modules/databases/mssql_database/variables.tf index 6980402a88..0c6145136f 100755 --- a/modules/databases/mssql_database/variables.tf +++ b/modules/databases/mssql_database/variables.tf @@ -1,8 +1,13 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} variable server_id {} variable storage_accounts {} variable elastic_pool_id { default = null } -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file 
diff --git a/modules/databases/mssql_elastic_pool/README.md b/modules/databases/mssql_elastic_pool/README.md new file mode 100755 index 0000000000..c46ba41976 --- /dev/null +++ b/modules/databases/mssql_elastic_pool/README.md @@ -0,0 +1,46 @@ +# Azure MS SQL Elastic pool + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_mssql_elastic_pool" { + source = "aztfmod/caf/azurerm//modules/databases/mssql_elastic_pool" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| server\_name | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/databases/mssql_elastic_pool/variables.tf b/modules/databases/mssql_elastic_pool/variables.tf index 744be6257d..47cfc0a861 100755 --- a/modules/databases/mssql_elastic_pool/variables.tf +++ b/modules/databases/mssql_elastic_pool/variables.tf 
@@ -1,6 +1,17 @@
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 variable settings {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable server_name {}
-variable base_tags {}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
diff --git a/modules/databases/mssql_managed_database/README.md b/modules/databases/mssql_managed_database/README.md
new file mode 100755
index 0000000000..2cfd82143b
--- /dev/null
+++ b/modules/databases/mssql_managed_database/README.md
@@ -0,0 +1,49 @@ +# Azure MS SQL Managed Database + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_mssql_managed_database" { + source = "aztfmod/caf/azurerm//modules/databases/mssql_managed_database" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| null | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| server\_name | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| sourceDatabaseId | n/a | `string` | `""` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | SQL Managed DB Id | +| name | SQL Managed DB Name | + + \ No newline at end of file diff --git a/modules/databases/mssql_managed_database/variables.tf b/modules/databases/mssql_managed_database/variables.tf index 53ebfca6dc..9077afe8df 100644 --- a/modules/databases/mssql_managed_database/variables.tf +++ b/modules/databases/mssql_managed_database/variables.tf 
@@ -1,9 +1,20 @@
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 variable server_name {}
 variable settings {}
-variable base_tags {}
-variable resource_group_name {}
-variable location {}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable sourceDatabaseId {
 default = ""
 }
diff --git a/modules/databases/mssql_managed_instance/README.md b/modules/databases/mssql_managed_instance/README.md
new file mode 100755
index 0000000000..582972d87c
--- /dev/null
+++ b/modules/databases/mssql_managed_instance/README.md
@@ -0,0 +1,51 @@ +# Azure MS SQL Managed Instance + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_mssql_managed_instance" { + source = "aztfmod/caf/azurerm//modules/databases/mssql_managed_instance" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| null | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| primary\_server\_id | n/a | `string` | `""` | no | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| subnet\_id | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | SQL MI Id | +| location | n/a | +| name | SQL MI Name | +| principal\_id | SQL MI Identity Principal Id | + + \ No newline at end of file diff --git a/modules/databases/mssql_managed_instance/administrator/variables.tf b/modules/databases/mssql_managed_instance/administrator/variables.tf index 52c7268c55..ef5b5b9515 100644 --- a/modules/databases/mssql_managed_instance/administrator/variables.tf +++ b/modules/databases/mssql_managed_instance/administrator/variables.tf 
@@ -1,4 +1,7 @@
-variable resource_group_name {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
 variable mi_name {}
 variable settings {}
 variable user_principal_name {
diff --git a/modules/databases/mssql_managed_instance/failover_group/variables.tf b/modules/databases/mssql_managed_instance/failover_group/variables.tf
index 9253f39d66..1f6e65d273 100644
--- a/modules/databases/mssql_managed_instance/failover_group/variables.tf
+++ b/modules/databases/mssql_managed_instance/failover_group/variables.tf
@@ -1,6 +1,11 @@
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 variable settings {}
-variable resource_group_name {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
 variable primaryManagedInstanceId {}
 variable partnerManagedInstanceId {}
 variable partnerRegion {}
\ No newline at end of file
diff --git a/modules/databases/mssql_managed_instance/variables.tf b/modules/databases/mssql_managed_instance/variables.tf
index baa81c569c..93653aad44 100644
--- a/modules/databases/mssql_managed_instance/variables.tf
+++ b/modules/databases/mssql_managed_instance/variables.tf
@@ -1,9 +1,20 @@
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 variable settings {}
-variable base_tags {}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
 variable subnet_id {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable primary_server_id {
 default = ""
 }
diff --git a/modules/databases/mssql_server/README.md b/modules/databases/mssql_server/README.md
new file mode 100755
index 0000000000..66c9b78a7c
--- /dev/null
+++ b/modules/databases/mssql_server/README.md
@@ -0,0 +1,59 @@ +# Azure MS SQL Server + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_mssql_server" { + source = "aztfmod/caf/azurerm//modules/databases/mssql_server" + version = "4.21.2" + # insert the 12 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_groups | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | n/a | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| private\_endpoints | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| storage\_accounts | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| azuread\_administrator | n/a | +| id | n/a | +| identity | n/a | +| location | n/a | +| name | n/a | +| rbac\_id | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file 
diff --git a/modules/databases/mssql_server/failover_group/variables.tf b/modules/databases/mssql_server/failover_group/variables.tf
index 8e73223b5c..b75b07ab85 100644
--- a/modules/databases/mssql_server/failover_group/variables.tf
+++ b/modules/databases/mssql_server/failover_group/variables.tf
@@ -1,7 +1,14 @@
-variable global_settings {}
-variable client_config {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable client_config {
+ description = "Client configuration object (see module README.md)."
+}
 variable settings {}
-variable resource_group_name {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
 variable primary_server_name {}
 variable secondary_server_id {}
 variable databases {}
\ No newline at end of file
diff --git a/modules/databases/mssql_server/variables.tf b/modules/databases/mssql_server/variables.tf
index cb04ce2b43..c15693c981 100755
--- a/modules/databases/mssql_server/variables.tf
+++ b/modules/databases/mssql_server/variables.tf
@@ -1,12 +1,25 @@
-variable global_settings {}
-variable client_config {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable client_config {
+ description = "Client configuration object (see module README.md)."
+}
 variable settings {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable keyvault_id {}
 variable storage_accounts {}
 variable azuread_groups {}
 variable vnets {}
 variable private_endpoints {}
 variable resource_groups {}
-variable base_tags {}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
diff --git a/modules/databases/mysql_server/README.md b/modules/databases/mysql_server/README.md
new file mode 100755
index 0000000000..158c976b19
--- /dev/null
+++ b/modules/databases/mysql_server/README.md
@@ -0,0 +1,62 @@ +# Azure MySQL Server + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_mysql_server" { + source = "aztfmod/caf/azurerm//modules/databases/mysql_server" + version = "4.21.2" + # insert the 12 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_groups | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostic\_profiles | n/a | `any` | `null` | no | +| diagnostics | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | n/a | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| network\_security\_group\_definition | n/a | `any` | `null` | no | +| private\_endpoints | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. 
| `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| storage\_accounts | n/a | `any` | n/a | yes | +| subnet\_id | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| identity | n/a | +| location | n/a | +| name | n/a | +| rbac\_id | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file diff --git a/modules/databases/mysql_server/variables.tf b/modules/databases/mysql_server/variables.tf index e2c8388fad..3a05ee0ca6 100644 --- a/modules/databases/mysql_server/variables.tf +++ b/modules/databases/mysql_server/variables.tf @@ -1,8 +1,18 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} -variable client_config {} -variable resource_group_name {} -variable location {} +variable client_config { + description = "Client configuration object (see module README.md)." +} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable keyvault_id {} variable storage_accounts {} variable azuread_groups {} @@ -19,4 +29,7 @@ variable network_security_group_definition { variable diagnostics { default = {} } -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} diff --git a/modules/databases/postgresql_server/README.md b/modules/databases/postgresql_server/README.md new file mode 100755 index 0000000000..04f5203163 --- /dev/null +++ b/modules/databases/postgresql_server/README.md 
@@ -0,0 +1,58 @@ +# Azure PostgreSQL Server + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_postgresql_server" { + source = "aztfmod/caf/azurerm//modules/databases/postgresql_server" + version = "4.21.2" + # insert the 12 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_groups | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | n/a | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| private\_endpoints | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| storage\_accounts | n/a | `any` | n/a | yes | +| subnet\_id | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| identity | n/a | +| location | n/a | +| name | n/a | +| rbac\_id | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file diff --git a/modules/databases/postgresql_server/variables.tf b/modules/databases/postgresql_server/variables.tf index 1fecf0cf31..2a68891a91 100644 --- a/modules/databases/postgresql_server/variables.tf 
+++ b/modules/databases/postgresql_server/variables.tf @@ -1,7 +1,15 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable keyvault_id {} variable storage_accounts {} variable azuread_groups {} @@ -9,5 +17,8 @@ variable vnets {} variable subnet_id {} variable private_endpoints {} variable resource_groups {} -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} diff --git a/modules/diagnostics/README.md b/modules/diagnostics/README.md new file mode 100755 index 0000000000..8a2721b2a1 --- /dev/null +++ b/modules/diagnostics/README.md 
@@ -0,0 +1,40 @@ +# Diagnostic settings for Azure resources + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_diagnostics" { + source = "aztfmod/caf/azurerm//modules/diagnostics" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| diagnostics | (Required) Contains the diagnostics setting object. | `any` | n/a | yes | +| global\_settings | n/a | `map` | `{}` | no | +| profiles | n/a | `any` | n/a | yes | +| resource\_id | (Required) Fully qualified Azure resource identifier for which you enable diagnostics. | `any` | n/a | yes | +| resource\_location | (Required) location of the resource | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/diagnostics/output.tf b/modules/diagnostics/output.tf new file mode 100644 index 0000000000..d951a50e68 --- /dev/null +++ b/modules/diagnostics/output.tf @@ -0,0 +1,4 @@ +# output id { +# description = "The ID of the Diagnostic Setting." +# value = azurerm_monitor_diagnostic_setting.diagnostics[*].id +# } diff --git a/modules/documentation/coding_cec.md b/modules/documentation/coding_cec.md deleted file mode 100644 index af83e9e959..0000000000 --- a/modules/documentation/coding_cec.md +++ /dev/null @@ -1,5 +0,0 @@ -# Common Engineering Criteria for landing zones and modules - -## Modules - -## Landing zones diff --git a/modules/event_hub_namespaces/README.md b/modules/event_hub_namespaces/README.md new file mode 100755 index 0000000000..657e8435f8 --- /dev/null +++ b/modules/event_hub_namespaces/README.md 
@@ -0,0 +1,47 @@ +# Azure Event Hub Namespace + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_event_hub_namespaces" { + source = "aztfmod/caf/azurerm//modules/event_hub_namespaces" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | The EventHub Namespace ID. | +| location | The EventHub Namespace location. | +| name | The EventHub Namespace name. | + + \ No newline at end of file diff --git a/modules/event_hub_namespaces/output.tf b/modules/event_hub_namespaces/output.tf index d7577ec94b..1c4144752c 100755 --- a/modules/event_hub_namespaces/output.tf +++ b/modules/event_hub_namespaces/output.tf 
@@ -1,14 +1,17 @@ output id { - value = azurerm_eventhub_namespace.evh.id - sensitive = true + description = "The EventHub Namespace ID." + value = azurerm_eventhub_namespace.evh.id + sensitive = true } output name { - value = azurerm_eventhub_namespace.evh.name - sensitive = true + description = "The EventHub Namespace name." + value = azurerm_eventhub_namespace.evh.name + sensitive = true } output location { - value = azurerm_eventhub_namespace.evh.location - sensitive = true + description = "The EventHub Namespace location." + value = azurerm_eventhub_namespace.evh.location + sensitive = true } \ No newline at end of file diff --git a/modules/event_hub_namespaces/variables.tf b/modules/event_hub_namespaces/variables.tf index bd95226883..fc96660f4a 100755 --- a/modules/event_hub_namespaces/variables.tf +++ b/modules/event_hub_namespaces/variables.tf @@ -1,5 +1,12 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} variable resource_groups {} -variable base_tags {} -variable client_config {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} +variable client_config { + description = "Client configuration object (see module README.md)." +} \ No newline at end of file diff --git a/modules/log_analytics/README.md b/modules/log_analytics/README.md new file mode 100755 index 0000000000..ff76892ea0 --- /dev/null +++ b/modules/log_analytics/README.md 
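Review bot: The descriptions added to `id`, `name` and `location` do not say why each output stays `sensitive = true`, although they describe a namespace ID, name and location rather than a credential. `sensitive` redacts the value in CLI output but does not keep it out of state, and on Terraform versions that propagate sensitivity a caller's output built from these values has to be marked sensitive as well. If the flag is deliberate (for example to keep resource identifiers out of pipeline logs), extend the description to say so, e.g. `description = "The EventHub Namespace ID. Marked sensitive to keep it out of plan/apply logs."`; if it is not, dropping it here keeps the marker meaningful for outputs that do carry secrets.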
@@ -0,0 +1,48 @@ +# Azure Log Analytics Workspace + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_log_analytics" { + source = "aztfmod/caf/azurerm//modules/log_analytics" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| log\_analytics | n/a | `any` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| location | n/a | +| name | n/a | +| resource\_group\_name | n/a | +| workspace\_id | n/a | + + \ No newline at end of file diff --git a/modules/log_analytics/variables.tf b/modules/log_analytics/variables.tf index c058d5da02..0ff1a61638 100755 --- a/modules/log_analytics/variables.tf +++ b/modules/log_analytics/variables.tf @@ -1,4 +1,9 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable log_analytics {} variable resource_groups {} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/log_analytics/workspace.tf b/modules/log_analytics/workspace.tf index 1996647358..441db90806 100755 --- a/modules/log_analytics/workspace.tf +++ b/modules/log_analytics/workspace.tf 
@@ -1,4 +1,3 @@ - # naming convention resource "azurecaf_name" "law" { name = var.log_analytics.name diff --git a/modules/monitoring/service_health_alerts/README.md b/modules/monitoring/service_health_alerts/README.md new file mode 100755 index 0000000000..15fd215f2d --- /dev/null +++ b/modules/monitoring/service_health_alerts/README.md @@ -0,0 +1,41 @@ +# Azure Service Health Alerts + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_service_health_alerts" { + source = "aztfmod/caf/azurerm//modules/monitoring/service_health_alerts" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| global\_settings | n/a | `any` | n/a | yes | +| location | n/a | `any` | n/a | yes | +| resource\_group\_name | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/networking/application_gateway/README.md b/modules/networking/application_gateway/README.md new file mode 100755 index 0000000000..8c2f281f98 --- /dev/null +++ b/modules/networking/application_gateway/README.md 
@@ -0,0 +1,55 @@ +# Azure Application Gateway + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_application_gateway" { + source = "aztfmod/caf/azurerm//modules/networking/application_gateway" + version = "4.21.2" + # insert the 8 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| app\_services | n/a | `map` | `{}` | no | +| application\_gateway\_applications | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_certificates | n/a | `map` | `{}` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| managed\_identities | n/a | `map` | `{}` | no | +| private\_dns | n/a | `map` | `{}` | no | +| public\_ip\_addresses | n/a | `map` | `{}` | no | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| sku\_name | (Optional) (Default = Standard\_v2) The Name of the SKU to use for this Application Gateway. Possible values are Standard\_Small, Standard\_Medium, Standard\_Large, Standard\_v2, WAF\_Medium, WAF\_Large, and WAF\_v2. 
| `string` | `"Standard_v2"` | no | +| sku\_tier | (Optional) (Default = Standard\_v2) (Required) The Tier of the SKU to use for this Application Gateway. Possible values are Standard, Standard\_v2, WAF and WAF\_v2. | `string` | `"Standard_v2"` | no | +| vnets | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| private\_ip\_address | n/a | + + \ No newline at end of file diff --git a/modules/networking/application_gateway/variable.tf b/modules/networking/application_gateway/variable.tf index b18728799e..3b7cddf414 100644 --- a/modules/networking/application_gateway/variable.tf +++ b/modules/networking/application_gateway/variable.tf @@ -1,9 +1,19 @@ variable settings {} -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable diagnostics {} -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable public_ip_addresses { default = {} } @@ -37,7 +47,10 @@ variable sku_tier { } } -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable private_dns { default = {} } diff --git a/modules/networking/dns_zone/README.md b/modules/networking/dns_zone/README.md new file mode 100755 index 0000000000..6d433c6d58 --- /dev/null +++ b/modules/networking/dns_zone/README.md 
@@ -0,0 +1,48 @@ +# Azure DNS domain zone + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_dns_zone" { + source = "aztfmod/caf/azurerm//modules/networking/dns_zone" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | +| random | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| dns\_zone\_id | DNS Zone resource ID | +| dns\_zone\_name | DNS Zone name | +| dns\_zone\_object | DNS Zone resource object | +| domain\_id | n/a | + + \ No newline at end of file diff --git a/modules/networking/dns_zone/dns_zone.tf b/modules/networking/dns_zone/dns_zone.tf index 4784a7c323..d0a3f0ab22 100644 --- a/modules/networking/dns_zone/dns_zone.tf +++ b/modules/networking/dns_zone/dns_zone.tf @@ -1,5 +1,5 @@ resource "random_string" "domain_zone_name" { - count = var.settings.name == "" ? 1 : 0 + count = var.settings.name == "" ? 1 : 0 length = 16 special = false upper = false 
@@ -24,7 +24,7 @@ resource "azurerm_template_deployment" "domain" { ignore_changes = [parameters] } parameters = { - "Name" = local.domain_zone_name + "Name" = local.domain_zone_name "key1" = lookup(var.settings.contract, "agreement_key1", "DNRA"), "key2" = lookup(var.settings.contract, "agreement_key2", "DNRA"), "AgreedBy" = lookup(var.settings.contract, "agree_by", "100.5.150.200:52212"), #Change to DevOps Agent IP diff --git a/modules/networking/dns_zone/main.tf b/modules/networking/dns_zone/main.tf index 8105192fec..c1d10a1deb 100644 --- a/modules/networking/dns_zone/main.tf +++ b/modules/networking/dns_zone/main.tf @@ -12,5 +12,5 @@ locals { "module" = basename(abspath(path.module)) } arm_filename = "${path.module}/arm_domain.json" - tags = merge(local.module_tag, try(var.settings.tags, null), var.base_tags) + tags = merge(local.module_tag, try(var.settings.tags, null), var.base_tags) } diff --git a/modules/networking/dns_zone/variables.tf b/modules/networking/dns_zone/variables.tf index d17af5cbcc..169e65150d 100644 --- a/modules/networking/dns_zone/variables.tf +++ b/modules/networking/dns_zone/variables.tf @@ -1,5 +1,16 @@ -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable settings {} -variable global_settings {} -variable base_tags {} \ No newline at end of file +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file 
diff --git a/modules/networking/express_route_circuit/README.md b/modules/networking/express_route_circuit/README.md new file mode 100755 index 0000000000..9462fc811b --- /dev/null +++ b/modules/networking/express_route_circuit/README.md @@ -0,0 +1,48 @@ +# Azure Express Route Circuit + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_express_route_circuit" { + source = "aztfmod/caf/azurerm//modules/networking/express_route_circuit" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | Express Route Circuit ID | +| name | Name of the Express Route Circuit. | +| resource\_group\_name | The Express Route circuit resource group name. | +| service\_key | The string needed by the service provider to provision the ExpressRoute circuit. | +| service\_provider\_provisioning\_state | The ExpressRoute circuit provisioning state from your chosen service provider. | + + \ No newline at end of file 
diff --git a/modules/networking/express_route_circuit/variables.tf b/modules/networking/express_route_circuit/variables.tf
index 3b5493d488..606a59b69e 100644
--- a/modules/networking/express_route_circuit/variables.tf
+++ b/modules/networking/express_route_circuit/variables.tf
@@ -1,8 +1,16 @@
 variable settings {}
 variable resource_groups {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable diagnostics {}
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 # variable express_route_circuits {}
 # variable express_route_authorizations {}
diff --git a/modules/networking/express_route_circuit_authorization/README.md b/modules/networking/express_route_circuit_authorization/README.md
new file mode 100755
index 0000000000..a61c5172c0
--- /dev/null
+++ b/modules/networking/express_route_circuit_authorization/README.md
@@ -0,0 +1,42 @@ +# Azure Express Route Circuit Authorization + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_express_route_circuit_authorization" { + source = "aztfmod/caf/azurerm//modules/networking/express_route_circuit_authorization" + version = "4.21.2" + # insert the 3 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| express\_route\_circuit\_name | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| authorization\_key | The authorization key | +| authorization\_use\_status | The authorization use status. | +| id | Express Route Circuit Authorization ID | + + \ No newline at end of file diff --git a/modules/networking/express_route_circuit_authorization/variables.tf b/modules/networking/express_route_circuit_authorization/variables.tf index 77f0b6ecd6..3023f05b81 100644 --- a/modules/networking/express_route_circuit_authorization/variables.tf +++ b/modules/networking/express_route_circuit_authorization/variables.tf @@ -1,3 +1,6 @@ variable settings {} -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} variable express_route_circuit_name {} diff --git a/modules/networking/firewall/README.md b/modules/networking/firewall/README.md index 878b8bed0d..73e5324279 100755 --- a/modules/networking/firewall/README.md +++ b/modules/networking/firewall/README.md 
@@ -1,31 +1,18 @@ -[![VScodespaces](https://img.shields.io/endpoint?url=https%3A%2F%2Faka.ms%2Fvso-badge)](https://online.visualstudio.com/environments/new?name=terraform-azurerm-caf-azure-firewall&repo=terraform-azurerm-caf-azure-firewall) -[![Gitter](https://badges.gitter.im/aztfmod/community.svg)](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) +# Azure Firewall -# Deploys Azure Firewall -Creates an Azure Firewall in a given region +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. +You can instantiate this submodule directly using the following parameters: -Reference the module to a specific version (recommended): -```hcl -module "az_firewall" { - source = "aztfmod/caf-azure-firewall/azurerm" - version = "0.x.y" - - convention = local.convention - name = local.az_fw_config.name - resource_group_name = azurerm_resource_group.rg_test.name - location = local.location - tags = local.tags - la_workspace_id = module.la_test.id - diagnostics_map = module.diags_test.diagnostics_map - diagnostics_settings = local.az_fw_config.diagnostics - - subnet_id = lookup(module.vnet_test.vnet_subnets, "AzureFirewallSubnet", null) - public_ip_id = module.public_ip_test.id +``` +module "caf_firewall" { + source = "aztfmod/caf/azurerm//modules/networking/firewall" + version = "4.21.2" + # insert the 9 required variables here } ``` - + ## Requirements No requirements. 
@@ -41,17 +28,15 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| convention | (Required) Naming convention method to use | `any` | n/a | yes | -| diagnostics\_map | (Required) Storage Account and Event Hub data for the AzFW diagnostics | `any` | n/a | yes | -| diagnostics\_settings | (Required) Map with the diagnostics settings for AzFW deployment | `any` | n/a | yes | -| la\_workspace\_id | (Required) ID of Log Analytics data for the AzFW diagnostics | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostic\_profiles | n/a | `map` | `{}` | no | +| diagnostics | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | | location | (Required) Location of the Azure Firewall to be created | `any` | n/a | yes | -| max\_length | (Optional) You can speficy a maximum length to the name of the resource | `string` | `"50"` | no | | name | (Required) Name of the Azure Firewall to be created | `any` | n/a | yes | -| postfix | (Optional) You can use a postfix to the name of the resource | `string` | `""` | no | -| prefix | (Optional) You can use a prefix to the name of the resource | `string` | `""` | no | | public\_ip\_id | (Required) Public IP address identifier. IP address must be of type static and standard. | `any` | n/a | yes | | resource\_group\_name | (Required) Resource Group of the Azure Firewall to be created | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | | subnet\_id | (Required) ID for the subnet where to deploy the Azure Firewall | `any` | n/a | yes | | tags | (Required) Tags of the Azure Firewall to be created | `any` | n/a | yes | 
@@ -59,9 +44,9 @@ No requirements. | Name | Description | |------|-------------| -| az\_firewall\_config | Outputs a map with az\_fw\_name,az\_fw\_id,az\_ipconfig,az\_object - to be deprecated in future version | -| id | Output the object ID | -| name | Output the object name | -| object | Output the full object | +| id | The ID of the Azure Firewall. | +| ip\_configuration | The Private IP address of the Azure Firewall. | +| name | Name of the firewall | +| resource\_group\_name | n/a | - \ No newline at end of file + \ No newline at end of file diff --git a/modules/networking/firewall/examples/101-simple firewall/firewall.tf b/modules/networking/firewall/examples/101-simple firewall/firewall.tf deleted file mode 100755 index 74c66c86f9..0000000000 --- a/modules/networking/firewall/examples/101-simple firewall/firewall.tf +++ /dev/null 
@@ -1,82 +0,0 @@ -provider "azurerm" { - features {} -} - -resource "azurerm_resource_group" "rg_test" { - name = local.resource_groups.test.name - location = local.resource_groups.test.location - tags = local.tags -} - -module "la_test" { - source = "aztfmod/caf-log-analytics/azurerm" - version = "2.0.0" - - convention = local.convention - location = local.location - name = local.name - solution_plan_map = local.solution_plan_map - prefix = local.prefix - resource_group_name = azurerm_resource_group.rg_test.name - tags = local.tags -} - -module "diags_test" { - source = "aztfmod/caf-diagnostics-logging/azurerm" - version = "2.0.0" - - name = local.name - convention = local.convention - resource_group_name = azurerm_resource_group.rg_test.name - prefix = local.prefix - location = local.location - tags = local.tags - enable_event_hub = local.enable_event_hub -} - -module "vnet_test" { - source = "aztfmod/caf-virtual-network/azurerm" - version = "2.0.0" - - virtual_network_rg = azurerm_resource_group.rg_test.name - prefix = local.prefix - location = local.location - networking_object = local.vnet_config - tags = local.tags - diagnostics_map = module.diags_test.diagnostics_map - log_analytics_workspace = module.la_test - diagnostics_settings = local.vnet_config.diagnostics - convention = local.convention -} - -module "public_ip_test" { - source = "aztfmod/caf-public-ip/azurerm" - version = "2.0.0" - - name = local.ip_addr_config.ip_name - location = local.location - rg = azurerm_resource_group.rg_test.name - ip_addr = local.ip_addr_config - tags = local.tags - diagnostics_map = module.diags_test.diagnostics_map - log_analytics_workspace_id = module.la_test.id - diagnostics_settings = local.ip_addr_config.diagnostics - convention = local.convention -} - -module "firewall_test" { - source = "../../" - - convention = local.convention - name = local.az_fw_config.name - resource_group_name = azurerm_resource_group.rg_test.name - location = local.location - tags = 
local.tags - la_workspace_id = module.la_test.id - diagnostics_map = module.diags_test.diagnostics_map - diagnostics_settings = local.az_fw_config.diagnostics - - subnet_id = lookup(module.vnet_test.vnet_subnets, "AzureFirewallSubnet", null) - public_ip_id = module.public_ip_test.id -} - diff --git a/modules/networking/firewall/examples/101-simple firewall/locals.tf b/modules/networking/firewall/examples/101-simple firewall/locals.tf deleted file mode 100755 index eb38def7c3..0000000000 --- a/modules/networking/firewall/examples/101-simple firewall/locals.tf +++ /dev/null 
@@ -1,94 +0,0 @@ -locals { - convention = "cafrandom" - name = "azfwcaf" - location = "southeastasia" - prefix = "" - resource_groups = { - test = { - name = "test-caf-azfirewall" - location = "southeastasia" - }, - } - enable_event_hub = true - - tags = { - environment = "DEV" - owner = "CAF" - } - solution_plan_map = { - NetworkMonitoring = { - "publisher" = "Microsoft" - "product" = "OMSGallery/NetworkMonitoring" - }, - } - - vnet_config = { - vnet = { - name = "TestVnet" - address_space = ["10.0.0.0/25"] - dns = ["192.168.0.16", "192.168.0.64"] - } - specialsubnets = { - AzureFirewallSubnet = { - name = "AzureFirewallSubnet" - cidr = "10.0.0.0/26" - service_endpoints = [] - } - } - subnets = { - subnet1 = { - name = "Network_Monitoring" - cidr = "10.0.0.64/26" - service_endpoints = [] - nsg_inbound = [] - nsg_outbound = [] - } - } - diagnostics = { - log = [ - # ["Category name", "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] - ["VMProtectionAlerts", true, true, 60], - ] - metric = [ - #["Category name", "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] - ["AllMetrics", true, true, 60], - ] - } - } - - az_fw_config = { - name = "az-fw-caftest" - diagnostics = { - log = [ - #["Category name", "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] - ["AzureFirewallApplicationRule", true, true, 30], - ["AzureFirewallNetworkRule", true, true, 30], - ] - metric = [ - ["AllMetrics", true, true, 30], - ] - } - } - - ip_addr_config = { - ip_name = "caftest-pip-egress" - allocation_method = "Static" - #Dynamic Public IP Addresses aren't allocated until they're assigned to a resource (such as a Virtual Machine or a Load Balancer) by design within Azure - - #properties below are optional - sku = "Standard" #defaults to Basic - ip_version = "IPv4" #defaults to IP4, Only dynamic for IPv6, Supported arguments are IPv4 or IPv6, NOT Both - - diagnostics = { - log = [ - 
#["Category name", "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] - ["DDoSProtectionNotifications", true, true, 30], - ["DDoSMitigationFlowLogs", true, true, 30], - ["DDoSMitigationReports", true, true, 30], - ] - metric = [ - ["AllMetrics", true, true, 30], - ] - } - } -} \ No newline at end of file diff --git a/modules/networking/firewall/examples/101-simple firewall/output.tf b/modules/networking/firewall/examples/101-simple firewall/output.tf deleted file mode 100755 index 41cd0109ec..0000000000 --- a/modules/networking/firewall/examples/101-simple firewall/output.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "object" { - value = module.firewall_test -} diff --git a/modules/networking/firewall/variables.tf b/modules/networking/firewall/variables.tf index 0826684b62..49389dd30f 100755 --- a/modules/networking/firewall/variables.tf +++ b/modules/networking/firewall/variables.tf @@ -1,4 +1,6 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable name { description = "(Required) Name of the Azure Firewall to be created" } @@ -32,4 +34,7 @@ variable diagnostic_profiles { default = {} } -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/networking/firewall_application_rule_collections/README.md b/modules/networking/firewall_application_rule_collections/README.md new file mode 100755 index 0000000000..2784522e57 --- /dev/null +++ b/modules/networking/firewall_application_rule_collections/README.md 
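Review bot: The `type = map` added to `base_tags` in the second hunk of firewall/variables.tf uses the bare legacy keyword, which Terraform 0.12 and later accept only as shorthand for `map(any)`. An explicit element type states the intent and makes a nested or otherwise non-string tag value fail variable validation instead of reaching the provider: `type = map(string)`, assuming the tags here are plain strings. The same line is added to `base_tags` in the variables.tf of front_door, front_door_waf_policy, local_network_gateways, network_watcher (where `tags` gets it too) and private-dns.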
@@ -0,0 +1,43 @@ +# Azure Firewall - Application Rule Collections + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_firewall_application_rule_collections" { + source = "aztfmod/caf/azurerm//modules/networking/firewall_application_rule_collections" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azure\_firewall\_name | (Required) Specifies the name of the Firewall in which the Network Rule Collection should be created. Changing this forces a new resource to be created. | `any` | n/a | yes | +| azurerm\_firewall\_application\_rule\_collection\_definition | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_group\_name | (Required) Specifies the name of the Resource Group in which the Firewall exists. Changing this forces a new resource to be created. | `any` | n/a | yes | +| rule\_collections | (Required) One or more rules as defined https://www.terraform.io/docs/providers/azurerm/r/firewall_network_rule_collection.html | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/networking/firewall_application_rule_collections/variables.tf b/modules/networking/firewall_application_rule_collections/variables.tf index 242db042ff..c04135e985 100755 --- a/modules/networking/firewall_application_rule_collections/variables.tf +++ b/modules/networking/firewall_application_rule_collections/variables.tf 
@@ -11,4 +11,6 @@ variable rule_collections { } variable azurerm_firewall_application_rule_collection_definition {} -variable global_settings {} \ No newline at end of file +variable global_settings { + description = "Global settings object (see module README.md)" +} \ No newline at end of file diff --git a/modules/networking/firewall_nat_rule_collections/README.md b/modules/networking/firewall_nat_rule_collections/README.md new file mode 100755 index 0000000000..2ad482c140 --- /dev/null +++ b/modules/networking/firewall_nat_rule_collections/README.md 
@@ -0,0 +1,43 @@ +# Azure Firewall - NAT Rule Collections + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_firewall_nat_rule_collections" { + source = "aztfmod/caf/azurerm//modules/networking/firewall_nat_rule_collections" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azure\_firewall\_name | (Required) Specifies the name of the Firewall in which the Network Rule Collection should be created. Changing this forces a new resource to be created. | `any` | n/a | yes | +| azurerm\_firewall\_nat\_rule\_collection\_definition | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_group\_name | (Required) Specifies the name of the Resource Group in which the Firewall exists. Changing this forces a new resource to be created. | `any` | n/a | yes | +| rule\_collections | (Required) One or more rules as defined https://www.terraform.io/docs/providers/azurerm/r/firewall_nat_rule_collection.html | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/networking/firewall_nat_rule_collections/variables.tf b/modules/networking/firewall_nat_rule_collections/variables.tf index 4e8f308ec5..8180d182e8 100644 --- a/modules/networking/firewall_nat_rule_collections/variables.tf +++ b/modules/networking/firewall_nat_rule_collections/variables.tf 
@@ -11,4 +11,6 @@ variable rule_collections { } variable azurerm_firewall_nat_rule_collection_definition {} -variable global_settings {} \ No newline at end of file +variable global_settings { + description = "Global settings object (see module README.md)" +} \ No newline at end of file diff --git a/modules/networking/firewall_network_rule_collections/README.md b/modules/networking/firewall_network_rule_collections/README.md new file mode 100755 index 0000000000..d2b32d3b20 --- /dev/null +++ b/modules/networking/firewall_network_rule_collections/README.md 
@@ -0,0 +1,43 @@ +# Azure Firewall - Network Rule Collections + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_firewall_network_rule_collections" { + source = "aztfmod/caf/azurerm//modules/networking/firewall_network_rule_collections" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azure\_firewall\_name | (Required) Specifies the name of the Firewall in which the Network Rule Collection should be created. Changing this forces a new resource to be created. | `any` | n/a | yes | +| azurerm\_firewall\_network\_rule\_collection\_definition | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_group\_name | (Required) Specifies the name of the Resource Group in which the Firewall exists. Changing this forces a new resource to be created. | `any` | n/a | yes | +| rule\_collections | (Required) One or more rules as defined https://www.terraform.io/docs/providers/azurerm/r/firewall_network_rule_collection.html | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/networking/firewall_network_rule_collections/variables.tf b/modules/networking/firewall_network_rule_collections/variables.tf index a5c8346ea5..2c6d3bcd23 100755 --- a/modules/networking/firewall_network_rule_collections/variables.tf +++ b/modules/networking/firewall_network_rule_collections/variables.tf 
@@ -11,4 +11,6 @@ variable rule_collections { } variable azurerm_firewall_network_rule_collection_definition {} -variable global_settings {} \ No newline at end of file +variable global_settings { + description = "Global settings object (see module README.md)" +} \ No newline at end of file diff --git a/modules/networking/front_door/README.md b/modules/networking/front_door/README.md new file mode 100755 index 0000000000..bc99eafa93 --- /dev/null +++ b/modules/networking/front_door/README.md @@ -0,0 +1,52 @@ +# Azure Front Door + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_front_door" { + source = "aztfmod/caf/azurerm//modules/networking/front_door" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azuread | n/a | +| azurecaf | n/a | +| azurerm | n/a | +| null | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| front\_door\_waf\_policies | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| keyvault\_id | n/a | `map` | `{}` | no | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| tags | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| frontend\_endpoints | n/a | +| id | n/a | + + \ No newline at end of file 
diff --git a/modules/networking/front_door/keyvault_permissions.tf b/modules/networking/front_door/keyvault_permissions.tf index 832307cdab..1848f07060 100644 --- a/modules/networking/front_door/keyvault_permissions.tf +++ b/modules/networking/front_door/keyvault_permissions.tf @@ -9,8 +9,8 @@ locals { resource "null_resource" "front_door_service_principal" { provisioner "local-exec" { - command = format("az ad sp create --id %s", local.front_door_application_id) - on_failure = continue + command = format("az ad sp create --id %s", local.front_door_application_id) + on_failure = continue } } @@ -22,7 +22,7 @@ module access_policy { source = "../../security/keyvault_access_policies" client_config = var.client_config - keyvault_id = var.keyvault_id + keyvault_id = var.keyvault_id access_policies = { front_door_certificate = { diff --git a/modules/networking/front_door/variables.tf b/modules/networking/front_door/variables.tf index 23f792c111..c9012b91e9 100644 --- a/modules/networking/front_door/variables.tf +++ b/modules/networking/front_door/variables.tf @@ -1,14 +1,24 @@ -variable base_tags {} -variable client_config {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable diagnostics {} variable front_door_waf_policies { default = {} } -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable keyvault_id { default = {} } -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} variable settings {} variable tags { default = {} diff --git a/modules/networking/front_door_waf_policy/README.md b/modules/networking/front_door_waf_policy/README.md new file mode 100755 index 0000000000..ea11922a0b 
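Review bot: `keyvault_id` is left as `variable keyvault_id { default = {} }` in the front_door/variables.tf hunk, so the generated README presents it as an optional `map`, yet the `access_policy` module call in keyvault_permissions.tf passes it straight through as `keyvault_id = var.keyvault_id`. If it is meant to be a single Key Vault resource ID, an omitted value reaches the access-policy module as an empty map instead of failing early. Consider a description plus `type = string` and `default = null`, after checking that no caller relies on the `{}` default and how the module call is guarded (any `count` or `for_each` on it is outside the hunk). The final `variable tags {` block continues past the end of the hunk.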
--- /dev/null +++ b/modules/networking/front_door_waf_policy/README.md @@ -0,0 +1,45 @@ +# Azure Front Door Web Application Firewall Policy + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_front_door_waf_policy" { + source = "aztfmod/caf/azurerm//modules/networking/front_door_waf_policy" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| front\_door\_waf\_policies | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| tags | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/networking/front_door_waf_policy/output.tf b/modules/networking/front_door_waf_policy/output.tf index ada36325bc..50cd4491d5 100644 --- a/modules/networking/front_door_waf_policy/output.tf +++ b/modules/networking/front_door_waf_policy/output.tf @@ -2,4 +2,4 @@ output "id" { value = azurerm_frontdoor_firewall_policy.wafpolicy.id } - + diff --git a/modules/networking/front_door_waf_policy/variables.tf b/modules/networking/front_door_waf_policy/variables.tf index fa9e380c51..5a33af647e 100644 --- a/modules/networking/front_door_waf_policy/variables.tf +++ b/modules/networking/front_door_waf_policy/variables.tf 
@@ -1,10 +1,18 @@ -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} variable settings {} -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable tags { default = {} } -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable front_door_waf_policies { default = {} } diff --git a/modules/networking/front_door_waf_policy/waf_policy.tf b/modules/networking/front_door_waf_policy/waf_policy.tf index 9299811fe4..9edd78d339 100644 --- a/modules/networking/front_door_waf_policy/waf_policy.tf +++ b/modules/networking/front_door_waf_policy/waf_policy.tf @@ -1,5 +1,5 @@ resource "azurerm_frontdoor_firewall_policy" "wafpolicy" { - + name = var.settings.name resource_group_name = var.resource_group_name enabled = try(var.settings.enabled, true) diff --git a/modules/networking/local_network_gateways/README.md b/modules/networking/local_network_gateways/README.md new file mode 100755 index 0000000000..7b49fd8378 --- /dev/null +++ b/modules/networking/local_network_gateways/README.md 
@@ -0,0 +1,43 @@ +# Azure Local Network Gateway + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_local_network_gateways" { + source = "aztfmod/caf/azurerm//modules/networking/local_network_gateways" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/networking/local_network_gateways/variables.tf b/modules/networking/local_network_gateways/variables.tf index ff38df350b..edb1e1af47 100644 --- a/modules/networking/local_network_gateways/variables.tf +++ b/modules/networking/local_network_gateways/variables.tf 
@@ -1,8 +1,19 @@ -variable resource_group_name {} -variable location {} -variable base_tags {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable settings {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} diff --git a/modules/networking/network_watcher/README.md b/modules/networking/network_watcher/README.md new file mode 100755 index 0000000000..a5e084b687 --- /dev/null +++ b/modules/networking/network_watcher/README.md 
@@ -0,0 +1,46 @@ +# Azure Network Watcher + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_network_watcher" { + source = "aztfmod/caf/azurerm//modules/networking/network_watcher" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `map` | `{}` | no | +| tags | (Required) Map of tags to be applied to the resource | `map` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/networking/network_watcher/variables.tf b/modules/networking/network_watcher/variables.tf index a44f8ed745..9c90af9d0c 100644 --- a/modules/networking/network_watcher/variables.tf +++ b/modules/networking/network_watcher/variables.tf 
@@ -1,8 +1,22 @@ -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable settings { default = {} } -variable tags {} -variable base_tags {} -variable global_settings {} \ No newline at end of file +variable tags { + description = "(Required) Map of tags to be applied to the resource" + type = map +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} +variable global_settings { + description = "Global settings object (see module README.md)" +} \ No newline at end of file diff --git a/modules/networking/private-dns/README.md b/modules/networking/private-dns/README.md new file mode 100755 index 0000000000..bd8c60db08 --- /dev/null +++ b/modules/networking/private-dns/README.md 
@@ -0,0 +1,51 @@ +# Azure Private DNS Zone + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_private-dns" { + source = "aztfmod/caf/azurerm//modules/networking/private-dns" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| records | n/a | `any` | n/a | yes | +| resource\_group\_name | n/a | `any` | n/a | yes | +| tags | n/a | `map` | `{}` | no | +| vnet\_links | n/a | `map` | `{}` | no | +| vnets | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| name | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file diff --git a/modules/networking/private-dns/variables.tf b/modules/networking/private-dns/variables.tf index 4d813d3e82..0fa9c8fc52 100644 --- a/modules/networking/private-dns/variables.tf +++ b/modules/networking/private-dns/variables.tf @@ -1,5 +1,9 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable name { } 
@@ -16,7 +20,10 @@ variable vnet_links { variable vnets { default = {} } -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable tags { default = {} } \ No newline at end of file diff --git a/modules/networking/private_endpoint/README.md b/modules/networking/private_endpoint/README.md new file mode 100755 index 0000000000..f28aab4837 --- /dev/null +++ b/modules/networking/private_endpoint/README.md 
@@ -0,0 +1,51 @@ +# Azure Private Endpoint + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_private_endpoint" { + source = "aztfmod/caf/azurerm//modules/networking/private_endpoint" + version = "4.21.2" + # insert the 8 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | `any` | n/a | yes | +| name | (Required) Specifies the name. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group. Changing this forces a new resource to be created. | `any` | n/a | yes | +| resource\_id | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| subnet\_id | n/a | `any` | n/a | yes | +| subresource\_names | n/a | `list` | `[]` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| private\_dns\_zone\_configs | n/a | +| private\_dns\_zone\_group | n/a | + + \ No newline at end of file diff --git a/modules/networking/private_endpoint/variables.tf b/modules/networking/private_endpoint/variables.tf index c2f8d6a774..34d42d4a4e 100755 --- a/modules/networking/private_endpoint/variables.tf +++ b/modules/networking/private_endpoint/variables.tf 
@@ -15,8 +15,13 @@ variable location { variable subnet_id {} variable settings {} -variable global_settings {} -variable base_tags {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable subresource_names { default = [] } \ No newline at end of file diff --git a/modules/networking/private_links/endpoints/README.md b/modules/networking/private_links/endpoints/README.md new file mode 100755 index 0000000000..49c2973d27 --- /dev/null +++ b/modules/networking/private_links/endpoints/README.md @@ -0,0 +1,44 @@ +# Azure Private Links + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_private_endpoint" { + source = "aztfmod/caf/azurerm//modules/networking/private_endpoint" + version = "4.21.2" + # insert the 8 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +No provider. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| private\_dns | n/a | `any` | n/a | yes | +| private\_endpoints | n/a | `any` | n/a | yes | +| remote\_objects | n/a | `any` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| vnet | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file 
diff --git a/modules/networking/private_links/endpoints/private_endpoint/variables.tf b/modules/networking/private_links/endpoints/private_endpoint/variables.tf index 97e973f559..b23bfe106f 100644 --- a/modules/networking/private_links/endpoints/private_endpoint/variables.tf +++ b/modules/networking/private_links/endpoints/private_endpoint/variables.tf @@ -15,9 +15,16 @@ variable location { variable subnet_id {} variable settings {} -variable global_settings {} -variable client_config {} -variable base_tags {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable subresource_names {} variable private_dns { default = {} diff --git a/modules/networking/private_links/endpoints/subnet/variables.tf b/modules/networking/private_links/endpoints/subnet/variables.tf index fb696fda6e..5992fbf415 100644 --- a/modules/networking/private_links/endpoints/subnet/variables.tf +++ b/modules/networking/private_links/endpoints/subnet/variables.tf @@ -1,5 +1,9 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable resource_groups {} variable private_endpoints {} variable private_dns {} @@ -7,4 +11,7 @@ variable remote_objects {} variable subnet_id {} variable vnet_resource_group_name {} variable vnet_location {} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file 
diff --git a/modules/networking/private_links/endpoints/variables.tf b/modules/networking/private_links/endpoints/variables.tf index e66a8bb88a..15d6d9adfd 100644 --- a/modules/networking/private_links/endpoints/variables.tf +++ b/modules/networking/private_links/endpoints/variables.tf @@ -1,9 +1,16 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable settings {} variable resource_groups {} variable private_endpoints {} variable private_dns {} variable remote_objects {} variable vnet {} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/networking/public_ip_addresses/README.md b/modules/networking/public_ip_addresses/README.md new file mode 100755 index 0000000000..36a2ba3bf7 --- /dev/null +++ b/modules/networking/public_ip_addresses/README.md 
@@ -0,0 +1,53 @@ +# Azure Public IP Address + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_public_ip_addresses" { + source = "aztfmod/caf/azurerm//modules/networking/public_ip_addresses" + version = "4.21.2" + # insert the 9 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| allocation\_method | n/a | `string` | `"Dynamic"` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostic\_profiles | n/a | `map` | `{}` | no | +| diagnostics | n/a | `map` | `{}` | no | +| domain\_name\_label | n/a | `any` | `null` | no | +| idle\_timeout\_in\_minutes | n/a | `any` | `null` | no | +| ip\_version | n/a | `string` | `"IPv4"` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| reverse\_fqdn | n/a | `any` | `null` | no | +| sku | n/a | `string` | `"Basic"` | no | +| tags | n/a | `any` | `null` | no | +| zones | n/a | `any` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| fqdn | n/a | +| id | n/a | +| ip\_address | n/a | + + \ No newline at end of file diff --git a/modules/networking/public_ip_addresses/variables.tf b/modules/networking/public_ip_addresses/variables.tf index e8e7aa3311..cb15ac8bcc 100755 --- a/modules/networking/public_ip_addresses/variables.tf +++ b/modules/networking/public_ip_addresses/variables.tf 
@@ -1,6 +1,12 @@
 variable name {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable sku {
 default = "Basic"
 }
@@ -31,4 +37,7 @@ variable diagnostics {
 variable diagnostic_profiles {
 default = {}
 }
-variable base_tags {}
\ No newline at end of file
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
\ No newline at end of file
diff --git a/modules/networking/route_tables/README.md b/modules/networking/route_tables/README.md
new file mode 100755
index 0000000000..5943154c45
--- /dev/null
+++ b/modules/networking/route_tables/README.md
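Review bot: `variable sku`, shown as context in the first hunk, keeps its `"Basic"` default with no description, so the generated README lists it as `n/a`. The default deserves a documented rationale because a Basic SKU public IP accepts inbound traffic unless an NSG restricts it, whereas Standard is closed to inbound traffic until an NSG allows it. I would add `description = "(Optional) SKU of the public IP, Basic or Standard. Defaults to Basic, which is open to inbound traffic unless an NSG is attached."` and `type = string` to that block.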
@@ -0,0 +1,44 @@ +# Azure Route Table + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_route_tables" { + source = "aztfmod/caf/azurerm//modules/networking/route_tables" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| disable\_bgp\_route\_propagation | n/a | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| tags | (Required) Map of tags to be applied to the resource | `map` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| name | n/a | + + \ No newline at end of file diff --git a/modules/networking/route_tables/variables.tf b/modules/networking/route_tables/variables.tf index c0ea773f83..b4696f8c8e 100755 --- a/modules/networking/route_tables/variables.tf +++ b/modules/networking/route_tables/variables.tf 
@@ -1,6 +1,18 @@
 variable name {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable disable_bgp_route_propagation {}
-variable tags {}
-variable base_tags {}
\ No newline at end of file
+variable tags {
+ description = "(Required) Map of tags to be applied to the resource"
+ type = map
+}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
\ No newline at end of file
diff --git a/modules/networking/routes/README.md b/modules/networking/routes/README.md
new file mode 100755
index 0000000000..b1ba70541d
--- /dev/null
+++ b/modules/networking/routes/README.md
@@ -0,0 +1,45 @@ +# Azure Route + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_routes" { + source = "aztfmod/caf/azurerm//modules/networking/routes" + version = "4.21.2" + # insert the 8 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| address\_prefix | n/a | `any` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| next\_hop\_in\_ip\_address | n/a | `any` | `null` | no | +| next\_hop\_in\_ip\_address\_fw | n/a | `any` | `null` | no | +| next\_hop\_in\_ip\_address\_vm | n/a | `any` | `null` | no | +| next\_hop\_type | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| route\_table\_name | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/networking/routes/variables.tf b/modules/networking/routes/variables.tf index 5dbcaad300..781b3711ba 100755 --- a/modules/networking/routes/variables.tf +++ b/modules/networking/routes/variables.tf @@ -1,5 +1,8 @@ variable name {} -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} variable route_table_name {} variable address_prefix {} variable next_hop_type {} diff --git a/modules/networking/virtual_network/README.md b/modules/networking/virtual_network/README.md new file mode 100755 index 0000000000..36f1119207 --- /dev/null +++ b/modules/networking/virtual_network/README.md 
@@ -0,0 +1,56 @@ +# Azure Virtual Network + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_virtual_network" { + source = "aztfmod/caf/azurerm//modules/networking/virtual_network" + version = "4.21.2" + # insert the 8 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| ddos\_id | (Optional) ID of the DDoS protection plan if exists | `string` | `""` | no | +| diagnostics | (Required) Diagnostics object with the definitions and destination services | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the Azure location to deploy the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| netwatcher | (Optional) is a map with two attributes: name, rg who describes the name and rg where the netwatcher was already deployed | `map` | `{}` | no | +| network\_security\_group\_definition | n/a | `any` | n/a | yes | +| network\_watchers | n/a | `map` | `{}` | no | +| resource\_group\_name | (Required) Name of the resource group where to create the resource. Changing this forces a new resource to be created. 
| `string` | n/a | yes | +| route\_tables | n/a | `map` | `{}` | no | +| settings | (Required) configuration object describing the networking configuration, as described in README | `any` | n/a | yes | +| tags | (Required) map of tags for the deployment | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| address\_space | Virutal Network address\_space | +| dns\_servers | Virutal Network dns\_servers | +| id | Virutal Network id | +| location | Azure region of the virtual network | +| name | Virutal Network name | +| resource\_group\_name | Virutal Network resource\_group\_name | +| subnets | Returns all the subnets objects in the Virtual Network. As a map of keys, ID | + + \ No newline at end of file diff --git a/modules/networking/virtual_network/nsg/variables.tf b/modules/networking/virtual_network/nsg/variables.tf index a0522a1873..9e79c3f0aa 100644 --- a/modules/networking/virtual_network/nsg/variables.tf +++ b/modules/networking/virtual_network/nsg/variables.tf @@ -31,7 +31,9 @@ variable link_nsg_to_subnet { default = true } -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable network_watchers { default = {} diff --git a/modules/networking/virtual_network/subnet/variables.tf b/modules/networking/virtual_network/subnet/variables.tf index 9fe5c4fbeb..ee4296cb29 100644 --- a/modules/networking/virtual_network/subnet/variables.tf +++ b/modules/networking/virtual_network/subnet/variables.tf @@ -29,5 +29,7 @@ variable service_endpoints { # } } -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} \ No newline at end of file diff --git a/modules/networking/virtual_network/variables.tf b/modules/networking/virtual_network/variables.tf index 249f5200a4..bad6f1b4a5 100644 --- a/modules/networking/virtual_network/variables.tf 
+++ b/modules/networking/virtual_network/variables.tf @@ -37,8 +37,13 @@ variable route_tables { default = {} } -variable global_settings {} -variable base_tags {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable network_watchers { default = {} } \ No newline at end of file diff --git a/modules/networking/virtual_network_gateway_connections/README.md b/modules/networking/virtual_network_gateway_connections/README.md new file mode 100755 index 0000000000..7ee9e2df29 --- /dev/null +++ b/modules/networking/virtual_network_gateway_connections/README.md 
@@ -0,0 +1,49 @@ +# Azure Virtual Network Gateway Connection + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_virtual_network_gateway_connections" { + source = "aztfmod/caf/azurerm//modules/networking/virtual_network_gateway_connections" + version = "4.21.2" + # insert the 11 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| authorization\_key | n/a | `any` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| express\_route\_circuit\_id | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| local\_network\_gateway\_id | n/a | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| virtual\_network\_gateway\_id | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/networking/virtual_network_gateway_connections/variables.tf b/modules/networking/virtual_network_gateway_connections/variables.tf index 8c96ec3d4d..943b696183 100644 --- a/modules/networking/virtual_network_gateway_connections/variables.tf 
+++ b/modules/networking/virtual_network_gateway_connections/variables.tf
@@ -1,10 +1,23 @@
-variable resource_group_name {}
-variable location {}
-variable base_tags {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
 variable settings {}
-variable global_settings {}
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
 variable diagnostics {}
-variable client_config {}
+variable client_config {
+ description = "Client configuration object (see module README.md)."
+}
 variable express_route_circuit_id {}
 variable authorization_key {}
 variable virtual_network_gateway_id {}
diff --git a/modules/networking/virtual_network_gateways/README.md b/modules/networking/virtual_network_gateways/README.md
new file mode 100755
index 0000000000..ea1ebfb42f
--- /dev/null
+++ b/modules/networking/virtual_network_gateways/README.md
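Review bot: `variable authorization_key {}` stays a bare declaration in this hunk while its neighbours gain descriptions, so the generated README documents it as `n/a` / `any`. It appears to be the ExpressRoute circuit authorization key, which is secret material. I would give it `description = "(Required) Authorization key for the ExpressRoute circuit. Treat as a secret; supply it from a secret store, not a committed tfvars file."` and `type = string`. If the minimum supported Terraform is 0.14 or later, `sensitive = true` would also keep the value out of plan output. The value still lands in state either way, so the state backend needs access control.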
@@ -0,0 +1,47 @@ +# Azure Virtual Network Gateway + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_virtual_network_gateways" { + source = "aztfmod/caf/azurerm//modules/networking/virtual_network_gateways" + version = "4.21.2" + # insert the 9 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| public\_ip\_addresses | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + + \ No newline at end of file diff --git a/modules/networking/virtual_network_gateways/variables.tf b/modules/networking/virtual_network_gateways/variables.tf index a3e8e82759..9c74b280c7 100644 --- a/modules/networking/virtual_network_gateways/variables.tf +++ b/modules/networking/virtual_network_gateways/variables.tf 
@@ -1,11 +1,24 @@ -variable resource_group_name {} -variable location {} -variable base_tags {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable settings {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable diagnostics {} variable vnets {} -variable client_config {} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable public_ip_addresses {} diff --git a/modules/networking/virtual_wan/README.md b/modules/networking/virtual_wan/README.md new file mode 100755 index 0000000000..7db178cc2a --- /dev/null +++ b/modules/networking/virtual_wan/README.md 
@@ -0,0 +1,46 @@ +# Azure Virtual WAN + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_virtual_wan" { + source = "aztfmod/caf/azurerm//modules/networking/virtual_wan" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| virtual\_hubs | Virtual Hubs object | +| virtual\_wan | Virtual WAN object | + + \ No newline at end of file diff --git a/modules/networking/virtual_wan/variables.tf b/modules/networking/virtual_wan/variables.tf index fac553430c..13ed26ee15 100644 --- a/modules/networking/virtual_wan/variables.tf +++ b/modules/networking/virtual_wan/variables.tf 
@@ -1,7 +1,18 @@
 variable settings {}
 variable resource_groups {}
-variable resource_group_name {}
-variable location {}
+variable resource_group_name {
+ description = "(Required) The name of the resource group where to create the resource."
+ type = string
+}
+variable location {
+ description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
+ type = string
+}
 variable diagnostics {}
-variable global_settings {}
-variable base_tags {}
\ No newline at end of file
+variable global_settings {
+ description = "Global settings object (see module README.md)"
+}
+variable base_tags {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = map
+}
\ No newline at end of file
diff --git a/modules/recovery_vault/README.md b/modules/recovery_vault/README.md
new file mode 100755
index 0000000000..8c416318e7
--- /dev/null
+++ b/modules/recovery_vault/README.md
@@ -0,0 +1,55 @@ +# Azure Site Recovery Vault + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_recovery_vault" { + source = "aztfmod/caf/azurerm//modules/recovery_vault" + version = "4.21.2" + # insert the 11 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| time | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| identity | n/a | `any` | `null` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| private\_endpoints | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| vnets | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| backup\_policies | Output the set of backup policies in this vault | +| id | Output the object ID | +| name | Output the object name | +| replication\_policies | Ouput the set of replication policies in the vault | +| resource\_group\_name | Output the resource group name | +| soft\_delete\_enabled | Boolean indicating if soft deleted is enabled on the vault. | + + \ No newline at end of file 
diff --git a/modules/recovery_vault/outputs.tf b/modules/recovery_vault/outputs.tf index d5ffeef6a2..5859812325 100644 --- a/modules/recovery_vault/outputs.tf +++ b/modules/recovery_vault/outputs.tf @@ -17,7 +17,6 @@ output "backup_policies" { virtual_machines = azurerm_backup_policy_vm.vm file_shares = azurerm_backup_policy_file_share.fs } - } output "replication_policies" { @@ -26,12 +25,13 @@ output "replication_policies" { } output "resource_group_name" { - description = "Output the object ID" + description = "Output the resource group name" value = var.resource_group_name } output soft_delete_enabled { - value = try(var.settings.soft_delete_enabled, true) + description = "Boolean indicating if soft deleted is enabled on the vault." + value = try(var.settings.soft_delete_enabled, true) } # output rbac_id { diff --git a/modules/recovery_vault/variables.tf b/modules/recovery_vault/variables.tf index c12e1d927b..f1428b7d0d 100644 --- a/modules/recovery_vault/variables.tf +++ b/modules/recovery_vault/variables.tf @@ -1,12 +1,25 @@ -variable location {} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable settings {} -variable global_settings {} -variable resource_group_name {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} variable diagnostics {} -variable base_tags {} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable private_endpoints {} variable vnets {} -variable client_config {} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable resource_groups {} variable identity { default = null 
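Review bot: The new description on `soft_delete_enabled` in outputs.tf says the flag reflects the vault, but the value is `try(var.settings.soft_delete_enabled, true)`, which is the requested input with a `true` fallback rather than an attribute read back from the vault resource. Anything that uses this output as evidence that backup soft delete is on would see `true` even if the resource (not visible in this hunk) were configured differently. Either reference the vault resource's own attribute, or word the description to match, e.g. `description = "Requested soft delete setting for the vault (defaults to true when not set in settings)."`. That wording also fixes the "soft deleted" typo.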
diff --git a/modules/redis_cache/README.md b/modules/redis_cache/README.md new file mode 100755 index 0000000000..a739c20464 --- /dev/null +++ b/modules/redis_cache/README.md @@ -0,0 +1,46 @@ +# Azure Redis Cache + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_redis_cache" { + source = "aztfmod/caf/azurerm//modules/redis_cache" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| redis | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| tags | (Required) Map of tags to be applied to the resource | `map` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| redis\_cache | n/a | + + \ No newline at end of file diff --git a/modules/redis_cache/variables.tf b/modules/redis_cache/variables.tf index 928b23e28a..061febd156 100644 --- a/modules/redis_cache/variables.tf +++ b/modules/redis_cache/variables.tf 
@@ -1,11 +1,25 @@ -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} -variable location {} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} -variable tags {} +variable tags { + description = "(Required) Map of tags to be applied to the resource" + type = map +} variable redis {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/resource_group/README.md b/modules/resource_group/README.md new file mode 100755 index 0000000000..f82adc0380 --- /dev/null +++ b/modules/resource_group/README.md 
@@ -0,0 +1,47 @@ +# Azure Resource group +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_resource_group" { + source = "aztfmod/caf/azurerm//modules/resource_group" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| tags | (Required) Map of tags to be applied to the resource | `map` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| location | n/a | +| name | n/a | +| rbac\_id | n/a | +| tags | n/a | + + \ No newline at end of file diff --git a/modules/resource_group/variables.tf b/modules/resource_group/variables.tf index 737efe922c..c1b9d9f8b9 100644 --- a/modules/resource_group/variables.tf +++ b/modules/resource_group/variables.tf @@ -1,4 +1,12 @@ -variable global_settings {} -variable tags {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable tags { + description = "(Required) Map of tags to be applied to the resource" + type = map +} variable settings {} -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} 
diff --git a/modules/roles/custom_roles/README.md b/modules/roles/custom_roles/README.md new file mode 100755 index 0000000000..b868a9c7b8 --- /dev/null +++ b/modules/roles/custom_roles/README.md @@ -0,0 +1,43 @@ +# Azure Custom Role +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_custom_roles" { + source = "aztfmod/caf/azurerm//modules/roles/custom_roles" + version = "4.21.2" + # insert the 3 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| custom\_role | n/a | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| subscription\_primary | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| role\_definition\_resource\_id | n/a | + + \ No newline at end of file diff --git a/modules/roles/custom_roles/variables.tf b/modules/roles/custom_roles/variables.tf index fa5458c559..281ecdfe79 100755 --- a/modules/roles/custom_roles/variables.tf +++ b/modules/roles/custom_roles/variables.tf @@ -1,3 +1,5 @@ variable custom_role {} variable subscription_primary {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} diff --git a/modules/roles/role_assignment/README.md b/modules/roles/role_assignment/README.md new file mode 100755 index 0000000000..f044b8d43d --- /dev/null +++ b/modules/roles/role_assignment/README.md 
@@ -0,0 +1,41 @@ +# Azure Role Assignment +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_custom_roles" { + source = "aztfmod/caf/azurerm//modules/roles/custom_roles" + version = "4.21.2" + # insert the 3 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +No provider. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_apps | n/a | `map` | `{}` | no | +| azuread\_groups | n/a | `map` | `{}` | no | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| custom\_roles | n/a | `map` | `{}` | no | +| managed\_identities | n/a | `map` | `{}` | no | +| mode | n/a | `any` | n/a | yes | +| object\_id | n/a | `map` | `{}` | no | +| role\_mappings | n/a | `any` | n/a | yes | +| scope | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/roles/role_assignment/assignment/variables.tf b/modules/roles/role_assignment/assignment/variables.tf index 3129bf2280..61a5827a5e 100755 --- a/modules/roles/role_assignment/assignment/variables.tf +++ b/modules/roles/role_assignment/assignment/variables.tf @@ -9,4 +9,6 @@ variable keys {} variable azuread_apps {} variable azuread_groups {} variable managed_identities {} -variable client_config {} \ No newline at end of file +variable client_config { + description = "Client configuration object (see module README.md)." +} \ No newline at end of file diff --git a/modules/roles/role_assignment/variables.tf b/modules/roles/role_assignment/variables.tf index 8edfa687fb..2d83db43a1 100755 --- a/modules/roles/role_assignment/variables.tf +++ b/modules/roles/role_assignment/variables.tf 
@@ -16,4 +16,6 @@ variable managed_identities { variable object_id { default = {} } -variable client_config {} \ No newline at end of file +variable client_config { + description = "Client configuration object (see module README.md)." +} \ No newline at end of file diff --git a/modules/security/dynamic_keyvault_secrets/README.md b/modules/security/dynamic_keyvault_secrets/README.md new file mode 100755 index 0000000000..16cbaf68c1 --- /dev/null +++ b/modules/security/dynamic_keyvault_secrets/README.md @@ -0,0 +1,38 @@ +# Azure Dynamic Key Vault Secrets + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_dynamic_keyvault_secrets" { + source = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets" + version = "4.21.2" + # insert the 2 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| external | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| keyvault | n/a | `any` | n/a | yes | +| objects | n/a | `map` | `{}` | no | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/security/dynamic_keyvault_secrets/keyvault.tf b/modules/security/dynamic_keyvault_secrets/keyvault.tf index eed08e7739..b3f5ca4692 100644 --- a/modules/security/dynamic_keyvault_secrets/keyvault.tf +++ b/modules/security/dynamic_keyvault_secrets/keyvault.tf @@ -1,5 +1,5 @@ module secret { - source = "./secret" + source = "./secret" depends_on = [data.external.purge_secret] for_each = { for key, value in var.settings : key => value @@ -12,7 +12,7 @@ module secret { } module secret_value { - source = "./secret" + source = "./secret" depends_on = [data.external.purge_secret] for_each = { for key, value in var.settings : key => value 
@@ -25,7 +25,7 @@ module secret_value { } module secret_immutable { - source = "./secret_immutable" + source = "./secret_immutable" depends_on = [data.external.purge_secret] for_each = { for key, value in var.settings : key => value diff --git a/modules/security/dynamic_keyvault_secrets/secret_purge.tf b/modules/security/dynamic_keyvault_secrets/secret_purge.tf index ce7a2b7eaf..e466fe406e 100644 --- a/modules/security/dynamic_keyvault_secrets/secret_purge.tf +++ b/modules/security/dynamic_keyvault_secrets/secret_purge.tf @@ -1,17 +1,17 @@ # -# Workaround until +# Workaround until # data external deleted_secrets { for_each = var.settings program = [ - "bash", - "-c", + "bash", + "-c", format( - "az keyvault secret list-deleted --vault-name '%s' --query \"[?name=='%s'].{recoveryId: recoveryId}\" -o json | jq -rce '.[0] // {}'", - var.keyvault.name, - each.value.secret_name + "az keyvault secret list-deleted --vault-name '%s' --query \"[?name=='%s'].{recoveryId: recoveryId}\" -o json | jq -rce '.[0] // {}'", + var.keyvault.name, + each.value.secret_name ) ] } @@ -22,11 +22,11 @@ locals { data external purge_secret { depends_on = [data.external.deleted_secrets] - for_each = var.settings + for_each = var.settings program = [ - "bash", - "-c", + "bash", + "-c", try(format("az keyvault secret purge --id %s -o json | jq -rce '. // {}'", local.deleted_secrets[each.key].result.recovery), "jq -nr '{}'") ] } diff --git a/modules/security/keyvault/README.md b/modules/security/keyvault/README.md new file mode 100755 index 0000000000..45492be68d --- /dev/null +++ b/modules/security/keyvault/README.md 
@@ -0,0 +1,53 @@ +# Azure Key Vault + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_keyvault" { + source = "aztfmod/caf/azurerm//modules/security/keyvault" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| azuread\_groups | n/a | `map` | `{}` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| diagnostics | For diagnostics settings | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| managed\_identities | n/a | `map` | `{}` | no | +| resource\_groups | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| vnets | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| base\_tags | n/a | +| id | n/a | +| name | n/a | +| rbac\_id | n/a | +| vault\_uri | n/a | + + \ No newline at end of file diff --git a/modules/security/keyvault/examples/101-simple/variables.tf b/modules/security/keyvault/examples/101-simple/variables.tf index 64e2dbeb14..c9a568320c 100755 --- a/modules/security/keyvault/examples/101-simple/variables.tf +++ b/modules/security/keyvault/examples/101-simple/variables.tf @@ -1,3 +1,5 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable resource_groups {} variable keyvaults {} \ No newline at end of file 
diff --git a/modules/security/keyvault/examples/102-with-networking/variables.tf b/modules/security/keyvault/examples/102-with-networking/variables.tf index c1c309648a..69cb7dc999 100755 --- a/modules/security/keyvault/examples/102-with-networking/variables.tf +++ b/modules/security/keyvault/examples/102-with-networking/variables.tf @@ -1,4 +1,6 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable resource_groups {} variable keyvaults {} variable keyvault_id {} diff --git a/modules/security/keyvault/variables.tf b/modules/security/keyvault/variables.tf index ca9a934b13..0b55fea08c 100755 --- a/modules/security/keyvault/variables.tf +++ b/modules/security/keyvault/variables.tf @@ -1,5 +1,9 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable resource_groups {} variable settings {} variable vnets { @@ -15,4 +19,7 @@ variable managed_identities { variable diagnostics { default = {} } -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/security/keyvault_access_policies/README.md b/modules/security/keyvault_access_policies/README.md new file mode 100755 index 0000000000..9cf2ac44a6 --- /dev/null +++ b/modules/security/keyvault_access_policies/README.md 
@@ -0,0 +1,41 @@ +# Azure Key Vault Access Policies + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_keyvault_access_policies" { + source = "aztfmod/caf/azurerm//modules/security/keyvault_access_policies" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +No provider. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| access\_policies | n/a | `any` | n/a | yes | +| azuread\_apps | n/a | `map` | `{}` | no | +| azuread\_groups | n/a | `map` | `{}` | no | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| keyvault\_id | n/a | `any` | `null` | no | +| keyvault\_key | n/a | `any` | `null` | no | +| keyvaults | n/a | `map` | `{}` | no | +| managed\_identities | n/a | `map` | `{}` | no | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/security/keyvault_access_policies/access_policy/access_policy.tf b/modules/security/keyvault_access_policies/access_policy/access_policy.tf index 762296101b..2a41f112b8 100755 --- a/modules/security/keyvault_access_policies/access_policy/access_policy.tf +++ b/modules/security/keyvault_access_policies/access_policy/access_policy.tf @@ -7,7 +7,7 @@ resource "azurerm_key_vault_access_policy" "policy" { secret_permissions = try(var.access_policy.secret_permissions, null) certificate_permissions = try(var.access_policy.certificate_permissions, null) storage_permissions = try(var.access_policy.storage_permissions, null) - + timeouts { delete = "60m" diff --git a/modules/security/keyvault_access_policies/variables.tf b/modules/security/keyvault_access_policies/variables.tf index 523ca0aeb1..13ca787228 100755 --- a/modules/security/keyvault_access_policies/variables.tf 
+++ b/modules/security/keyvault_access_policies/variables.tf @@ -15,7 +15,9 @@ variable access_policies { } } -variable client_config {} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable azuread_groups { default = {} } diff --git a/modules/security/keyvault_certificate/README.md b/modules/security/keyvault_certificate/README.md new file mode 100755 index 0000000000..2e4f8c6c36 --- /dev/null +++ b/modules/security/keyvault_certificate/README.md @@ -0,0 +1,41 @@ +# Azure Key Vault Certificate + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_keyvault_certificate" { + source = "aztfmod/caf/azurerm//modules/security/keyvault_certificate" + version = "4.21.2" + # insert the 2 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| keyvault | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| secret\_id | n/a | + + \ No newline at end of file diff --git a/modules/security/keyvault_certificate_issuer/README.md b/modules/security/keyvault_certificate_issuer/README.md new file mode 100755 index 0000000000..c6c90a600f --- /dev/null +++ b/modules/security/keyvault_certificate_issuer/README.md 
@@ -0,0 +1,51 @@ +# Azure Key Vault Certificate Issuer + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_keyvault_certificate_issuer" { + source = "aztfmod/caf/azurerm//modules/security/keyvault_certificate_issuer" + version = "4.21.2" + # insert the 11 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| account\_id | n/a | `any` | `null` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| issuer\_name | n/a | `any` | `null` | no | +| keyvault\_id | n/a | `any` | `null` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| organization\_id | n/a | `any` | `null` | no | +| password | n/a | `any` | n/a | yes | +| provider\_name | n/a | `any` | `null` | no | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | +| name | n/a | + + \ No newline at end of file diff --git a/modules/security/keyvault_certificate_issuer/output.tf b/modules/security/keyvault_certificate_issuer/output.tf index 4dbec2faad..4351672365 100644 --- a/modules/security/keyvault_certificate_issuer/output.tf +++ b/modules/security/keyvault_certificate_issuer/output.tf 
@@ -3,5 +3,5 @@ output id { } output name { - value = azurerm_key_vault_certificate_issuer.keycertisr.name + value = azurerm_key_vault_certificate_issuer.keycertisr.name } diff --git a/modules/security/keyvault_certificate_issuer/variables.tf b/modules/security/keyvault_certificate_issuer/variables.tf index 99a4f55d32..578046a23a 100644 --- a/modules/security/keyvault_certificate_issuer/variables.tf +++ b/modules/security/keyvault_certificate_issuer/variables.tf @@ -1,8 +1,19 @@ -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable settings {} -variable resource_group_name {} -variable location {} -variable base_tags {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable password {} variable keyvault_id { default = null diff --git a/modules/security/keyvault_certificate_request/README.md b/modules/security/keyvault_certificate_request/README.md new file mode 100755 index 0000000000..1f5144c628 --- /dev/null +++ b/modules/security/keyvault_certificate_request/README.md 
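Review bot: `password` stays a bare `variable password {}` in the keyvault_certificate_issuer/variables.tf hunk while its neighbours gain descriptions and types, and the new README accordingly lists it as `any` with description `n/a`. It is the one input here that carries a credential, so I would at least add `description = "(Required) Password for the certificate issuer account."` and, assuming it is passed straight to the issuer resource, `type = string`. The README states `terraform >= 0.13`, and `sensitive = true` on variables needs 0.14, so either raise the constraint and mark the variable sensitive, or say in the description that the value is written to Terraform state. The hunk ends inside `variable keyvault_id {`, whose body continues outside it.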
@@ -0,0 +1,47 @@ +# Azure Key Vault Certificate Request + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_keyvault_certificate_request" { + source = "aztfmod/caf/azurerm//modules/security/keyvault_certificate_request" + version = "4.21.2" + # insert the 2 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| certificate\_issuers | n/a | `map` | `{}` | no | +| keyvault\_id | n/a | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| certificate\_attribute | n/a | +| certificate\_data | n/a | +| id | n/a | +| secret\_id | n/a | +| thumbprint | n/a | +| version | n/a | + + \ No newline at end of file diff --git a/modules/security/keyvault_certificate_request/module.tf b/modules/security/keyvault_certificate_request/module.tf index c5ff090e51..361f480003 100644 --- a/modules/security/keyvault_certificate_request/module.tf +++ b/modules/security/keyvault_certificate_request/module.tf @@ -1,5 +1,5 @@ resource "azurerm_key_vault_certificate" "csr" { - name = var.settings.name + name = var.settings.name key_vault_id = var.keyvault_id certificate_policy { @@ -10,7 +10,7 @@ resource "azurerm_key_vault_certificate" "csr" { exportable = var.settings.certificate_policy.exportable key_size = var.settings.certificate_policy.key_size key_type = try(var.settings.certificate_policy.key_type, "RSA") - reuse_key = var.settings.certificate_policy. reuse_key + reuse_key = var.settings.certificate_policy.reuse_key } lifetime_action { action { 
@@ -26,7 +26,7 @@ resource "azurerm_key_vault_certificate" "csr" { } dynamic x509_certificate_properties { - for_each = try(var.settings.certificate_policy.x509_certificate_properties, null) == null ? [] : [1] + for_each = try(var.settings.certificate_policy.x509_certificate_properties, null) == null ? [] : [1] content { extended_key_usage = try(var.settings.certificate_policy.x509_certificate_properties.extended_key_usage, null) @@ -35,8 +35,8 @@ resource "azurerm_key_vault_certificate" "csr" { validity_in_months = var.settings.certificate_policy.x509_certificate_properties.validity_in_months dynamic subject_alternative_names { - for_each = try(var.settings.certificate_policy.x509_certificate_properties.subject_alternative_names, null) == null ? [] : [1] - + for_each = try(var.settings.certificate_policy.x509_certificate_properties.subject_alternative_names, null) == null ? [] : [1] + content { dns_names = try(var.settings.certificate_policy.x509_certificate_properties.subject_alternative_names.dns_names) emails = try(var.settings.certificate_policy.x509_certificate_properties.subject_alternative_names.emails) diff --git a/modules/security/keyvault_certificate_request/output.tf b/modules/security/keyvault_certificate_request/output.tf index aea69989ee..2c2691ee85 100644 --- a/modules/security/keyvault_certificate_request/output.tf +++ b/modules/security/keyvault_certificate_request/output.tf 
@@ -1,18 +1,18 @@ output id { - value = azurerm_key_vault_certificate.csr.id + value = azurerm_key_vault_certificate.csr.id } output secret_id { - value = azurerm_key_vault_certificate.csr.secret_id + value = azurerm_key_vault_certificate.csr.secret_id } output version { - value = azurerm_key_vault_certificate.csr.version + value = azurerm_key_vault_certificate.csr.version } output certificate_data { - value = azurerm_key_vault_certificate.csr.certificate_data + value = azurerm_key_vault_certificate.csr.certificate_data } output thumbprint { - value = azurerm_key_vault_certificate.csr.thumbprint + value = azurerm_key_vault_certificate.csr.thumbprint } output certificate_attribute { - value = azurerm_key_vault_certificate.csr.certificate_attribute + value = azurerm_key_vault_certificate.csr.certificate_attribute } diff --git a/modules/security/managed_identity/README.md b/modules/security/managed_identity/README.md new file mode 100755 index 0000000000..2b39ffcb44 --- /dev/null +++ b/modules/security/managed_identity/README.md 
@@ -0,0 +1,49 @@ +# Azure Managed Identity + +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_managed_identity" { + source = "aztfmod/caf/azurerm//modules/security/managed_identity" + version = "4.21.2" + # insert the 6 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| name | n/a | `any` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| tags | n/a | `any` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| client\_id | n/a | +| id | n/a | +| principal\_id | n/a | +| rbac\_id | This attribute is used to set the role assignment | + + \ No newline at end of file diff --git a/modules/security/managed_identity/variables.tf b/modules/security/managed_identity/variables.tf index fdae28713a..06d308df18 100644 --- a/modules/security/managed_identity/variables.tf +++ b/modules/security/managed_identity/variables.tf 
@@ -1,8 +1,19 @@ -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable name {} -variable global_settings {} -variable base_tags {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} variable tags { default = null } \ No newline at end of file diff --git a/modules/storage_account/README.md b/modules/storage_account/README.md new file mode 100755 index 0000000000..911e77c818 --- /dev/null +++ b/modules/storage_account/README.md 
@@ -0,0 +1,55 @@ +# Azure Storage account +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_storage_account" { + source = "aztfmod/caf/azurerm//modules/storage_account" + version = "4.21.2" + # insert the 5 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | n/a | `map` | `{}` | no | +| client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| private\_endpoints | n/a | `map` | `{}` | no | +| recovery\_vaults | n/a | `map` | `{}` | no | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| resource\_groups | n/a | `map` | `{}` | no | +| storage\_account | n/a | `any` | n/a | yes | +| vnets | n/a | `map` | `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| containers | n/a | +| data\_lake\_filesystems | n/a | +| id | n/a | +| location | n/a | +| name | n/a | +| primary\_blob\_endpoint | n/a | +| resource\_group\_name | n/a | + + \ No newline at end of file diff --git a/modules/storage_account/variables.tf b/modules/storage_account/variables.tf index aa6e0c2bb1..15aeb6d0e0 100755 --- a/modules/storage_account/variables.tf +++ b/modules/storage_account/variables.tf 
@@ -1,8 +1,18 @@ -variable global_settings {} -variable client_config {} +variable global_settings { + description = "Global settings object (see module README.md)" +} +variable client_config { + description = "Client configuration object (see module README.md)." +} variable storage_account {} -variable resource_group_name {} -variable location {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable vnets { default = {} } diff --git a/modules/subscriptions/README.md b/modules/subscriptions/README.md new file mode 100755 index 0000000000..2abfa4adf1 --- /dev/null +++ b/modules/subscriptions/README.md @@ -0,0 +1,37 @@ +# Azure Subscription diagnostics +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_subscriptions" { + source = "aztfmod/caf/azurerm//modules/subscriptions" + version = "4.21.2" + # insert the 4 required variables here +} +``` + + +## Requirements + +No requirements. + +## Providers + +No provider. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| diagnostics | For diagnostics settings | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| primary\_subscription\_id | n/a | `any` | n/a | yes | +| subscription | n/a | `any` | n/a | yes | +| subscription\_key | n/a | `any` | n/a | yes | + +## Outputs + +No output. + + \ No newline at end of file diff --git a/modules/subscriptions/variables.tf b/modules/subscriptions/variables.tf index 09bc9cbd3e..4da68d07c9 100755 --- a/modules/subscriptions/variables.tf 
+++ b/modules/subscriptions/variables.tf @@ -1,7 +1,9 @@ variable subscription {} variable subscription_key {} variable primary_subscription_id {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} # For diagnostics settings variable diagnostics { diff --git a/modules/webapps/appservice/README.md b/modules/webapps/appservice/README.md new file mode 100755 index 0000000000..07439bfc5f --- /dev/null +++ b/modules/webapps/appservice/README.md 
@@ -0,0 +1,55 @@ +# Azure App Service +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_appservice" { + source = "aztfmod/caf/azurerm//modules/webapps/appservice" + version = "4.21.2" + # insert the 11 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| app\_service\_plan\_id | n/a | `any` | n/a | yes | +| app\_settings | n/a | `any` | `null` | no | +| application\_insight | n/a | `any` | `null` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| connection\_strings | n/a | `map` | `{}` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| identity | n/a | `any` | `null` | no | +| location | (Required) Resource Location | `any` | n/a | yes | +| name | (Required) Name of the App Service | `any` | n/a | yes | +| resource\_group\_name | (Required) Resource group of the App Service | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| slots | n/a | `map` | `{}` | no | +| tags | (Required) map of tags for the deployment | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| default\_site\_hostname | The Default Hostname associated with the App Service | +| id | The ID of the App Service. | +| outbound\_ip\_addresses | A comma separated list of outbound IP addresses | +| possible\_outbound\_ip\_addresses | A comma separated list of outbound IP addresses. not all of which are necessarily in use | + + \ No newline at end of file 
diff --git a/modules/webapps/appservice/variables.tf b/modules/webapps/appservice/variables.tf index ec954e8d6a..82eee11cf6 100755 --- a/modules/webapps/appservice/variables.tf +++ b/modules/webapps/appservice/variables.tf @@ -41,6 +41,11 @@ variable application_insight { variable settings {} -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/webapps/ase/README.md b/modules/webapps/ase/README.md new file mode 100755 index 0000000000..d86c42238d --- /dev/null +++ b/modules/webapps/ase/README.md 
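Review bot: `type = map` on the new `base_tags` variable in modules/webapps/appservice/variables.tf is the untyped shorthand for `map(any)`, so nested or non-string values pass validation and only fail later in the provider. Since the description says these are tags inherited from the resource group, `type = map(string)` would state the contract and fail at plan time. The same declaration is added in modules/webapps/ase/variables.tf and modules/webapps/asp/variables.tf further down this patch. `global_settings` in the same hunk gains a description but no type; if leaving it as `any` is deliberate, a one-line comment saying so would help. The hunk starts at line 41 of the file, so the earlier variables are not visible here.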
@@ -0,0 +1,62 @@ +# Azure App Service Environment +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_ase" { + source = "aztfmod/caf/azurerm//modules/webapps/ase" + version = "4.21.2" + # insert the 14 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | +| null | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| diagnostic\_profiles | n/a | `any` | `null` | no | +| diagnostics | n/a | `any` | `null` | no | +| front\_end\_count | Number of instances in the front-end pool. Minimum of two. | `string` | `"2"` | no | +| front\_end\_size | Instance size for the front-end pool. | `string` | `"Standard_D1_V2"` | no | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| internalLoadBalancingMode | n/a | `any` | n/a | yes | +| kind | (Required) Kind of resource. Possible value are ASEV2 | `any` | n/a | yes | +| location | (Required) Resource Location | `any` | n/a | yes | +| name | (Required) Name of the App Service Environment | `any` | n/a | yes | +| private\_dns | n/a | `map` | `{}` | no | +| resource\_group\_name | (Required) Resource group of the ASE | `any` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| subnet\_id | (Required) Name of the Virtual Network for the ASE | `any` | n/a | yes | +| subnet\_name | n/a | `any` | n/a | yes | +| tags | (Required) map of tags for the deployment | `any` | n/a | yes | +| zone | (Required) Availability Zone of resource. 
Possible value are 1, 2 or 3 | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| a\_records | n/a | +| id | App Service Environment Resource Id | +| ilb\_ip | n/a | +| name | App Service Environment Name | +| subnet\_id | n/a | +| zone | n/a | + + \ No newline at end of file diff --git a/modules/webapps/ase/variables.tf b/modules/webapps/ase/variables.tf index b890f773ce..b499955e13 100644 --- a/modules/webapps/ase/variables.tf +++ b/modules/webapps/ase/variables.tf @@ -53,7 +53,9 @@ variable front_end_count { default = "2" } -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} variable private_dns { default = {} @@ -61,4 +63,7 @@ variable private_dns { variable settings {} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/modules/webapps/asp/README.md b/modules/webapps/asp/README.md new file mode 100755 index 0000000000..968e6a3491 --- /dev/null +++ b/modules/webapps/asp/README.md 
@@ -0,0 +1,49 @@ +# Azure App Service Plan +This submodule is part of Cloud Adoption Framework landing zones for Azure on Terraform. + +You can instantiate this submodule directly using the following parameters: + +``` +module "caf_asp" { + source = "aztfmod/caf/azurerm//modules/webapps/asp" + version = "4.21.2" + # insert the 7 required variables here +} +``` + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13 | + +## Providers + +| Name | Version | +|------|---------| +| azurecaf | n/a | +| azurerm | n/a | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| app\_service\_environment\_id | (Required) ASE Id for App Service Plan Hosting Environment | `any` | `null` | no | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | +| kind | (Optional) The kind of the App Service Plan to create. Possible values are Windows (also available as App), Linux, elastic (for Premium Consumption) and FunctionApp (for a Consumption Plan). Defaults to Windows. Changing this forces a new resource to be created. | `string` | `"Windows"` | no | +| location | (Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created. | `string` | n/a | yes | +| resource\_group\_name | (Required) The name of the resource group where to create the resource. | `string` | n/a | yes | +| settings | n/a | `any` | n/a | yes | +| tags | (Required) map of tags for the deployment | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ase\_id | n/a | +| id | n/a | +| maximum\_number\_of\_workers | n/a | + + \ No newline at end of file diff --git a/modules/webapps/asp/variables.tf b/modules/webapps/asp/variables.tf index 78989c6a05..e71629e00d 100644 
--- a/modules/webapps/asp/variables.tf +++ b/modules/webapps/asp/variables.tf @@ -9,9 +9,15 @@ variable app_service_environment_id { default = null } -variable resource_group_name {} +variable resource_group_name { + description = "(Required) The name of the resource group where to create the resource." + type = string +} -variable location {} +variable location { + description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." + type = string +} variable settings {} @@ -20,6 +26,11 @@ variable kind { default = "Windows" } -variable global_settings {} +variable global_settings { + description = "Global settings object (see module README.md)" +} -variable base_tags {} \ No newline at end of file +variable base_tags { + description = "Base tags for the resource to be inherited from the resource group." + type = map +} \ No newline at end of file diff --git a/mysql_servers.tf b/mysql_servers.tf index 4b94a1b669..db502b8df0 100644 --- a/mysql_servers.tf +++ b/mysql_servers.tf @@ -22,4 +22,4 @@ module "mysql_servers" { private_endpoints = try(each.value.private_endpoints, {}) resource_groups = try(each.value.private_endpoints, {}) == {} ? null : module.resource_groups base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {} -} \ No newline at end of file +} \ No newline at end of file From 0bdd45e6d48867b959ad6c495d4fa116bebc52ea Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Wed, 6 Jan 2021 02:57:21 +0000 Subject: [PATCH 2/6] Adding private key detection hook in autocommit --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b4df8adf3f..ece8761e70 100755 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -17,6 +17,7 @@ repos: - id: trailing-whitespace - id: check-yaml - id: check-added-large-files + - id: detect-private-key # - repo: git://github.com/markdownlint/markdownlint # rev: v0.9.0 # hooks: From 896b932305c92718ca00bf19306c5bc8b740f21a Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Wed, 6 Jan 2021 02:58:38 +0000 Subject: [PATCH 3/6] Consistency fix for call to virtual network via local.networking object --- locals.tf | 1 + networking.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index f73df3007a..dbc3672942 100644 --- a/locals.tf +++ b/locals.tf @@ -57,6 +57,7 @@ locals { virtual_network_gateways = try(var.networking.virtual_network_gateways, {}) virtual_network_gateway_connections = try(var.networking.virtual_network_gateway_connections, {}) virtual_wans = try(var.networking.virtual_wans, {}) + vnets = try(var.networking.vnets, {}) vnet_peerings = try(var.networking.vnet_peerings, {}) } diff --git a/networking.tf b/networking.tf index d15e1e8eeb..6bf0ef20d6 100755 --- a/networking.tf +++ b/networking.tf @@ -18,7 +18,7 @@ output public_ip_addresses { module "networking" { source = "./modules/networking/virtual_network" - for_each = try(var.networking.vnets, {}) + for_each = local.networking.vnets location = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region] resource_group_name = module.resource_groups[each.value.resource_group_key].name From e6c952f0dd342dd939cda11c62cda71c044e9d03 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Wed, 6 Jan 2021 03:00:57 +0000 Subject: [PATCH 4/6] Adding variables description and stale var cleanup (montoring, cosmosdbs, localnetworkgateway) --- variables.tf | 79 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 50 insertions(+), 29 deletions(-) diff --git a/variables.tf b/variables.tf index c4360a2a7b..e3e866b5b0 100755 --- a/variables.tf 
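Review bot: The added `- id: detect-private-key` hook in .pre-commit-config.yaml only flags private-key blocks. Other credential types that could end up in the `.tfvars` examples, such as client secrets, storage account keys, SAS tokens or connection strings, would still pass it. I would record that limit next to the hook, for example `# detect-private-key only catches private-key blocks; other secrets need a dedicated scanner`, and run the same hooks in CI, because a local pre-commit hook can be skipped by the committer. The `repo:` and `rev:` lines for this hook list are outside the hunk, so the pinned version cannot be checked from here.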
+++ b/variables.tf @@ -1,5 +1,6 @@ # Global settings variable global_settings { + description = "Global settings object for the current deployment." default = { passthrough = false random_length = 4 @@ -12,23 +13,33 @@ variable global_settings { } variable tenant_id { - default = null + description = "Azure AD Tenant ID for the current deployment." + default = null } variable current_landingzone_key { - default = "standalone" + description = "Key for the current landing zones where the deployment is executed. Used in the context of landing zone deployment." + default = "standalone" + type = string } variable tfstates { - default = {} + description = "Terraform states configuration object. Used in the context of landing zone deployment." + default = {} } variable enable { - description = "Map of services defined in the configuration file you want to disable during a deployment" - default = {} + description = "Map of services defined in the configuration file you want to disable during a deployment." + default = { + # bastion_hosts = true + # virtual_machines = true + } } + variable environment { - default = "sandpit" + description = "Name of the CAF environment." + type = string + default = "sandpit" } variable logged_user_objectId { @@ -41,16 +52,19 @@ variable logged_aad_app_objectId { } variable use_msi { - default = false + description = "Deployment using an MSI for authentication." + default = false + type = bool } variable tags { - type = map - default = null + description = "Tags to be used for this resource deployment." + type = map + default = null } variable resource_groups { - description = "Name of the existing resource group to deploy the virtual machine" + description = "Resource groups configuration objects" default = {} } 
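Review bot: In the second hunk of variables.tf, the `enable` description still says the map lists services "you want to disable", while the new commented defaults (`# bastion_hosts = true`) read as if `true` turns a service on. The code that consumes `var.enable` is not in this patch, so the description should state the actual polarity. If a false value skips the service, it could read `description = "Map of service keys to booleans; set a key to false to skip that service during a deployment."`. In the same hunk `tenant_id` gets a description but no `type = string`, unlike `current_landingzone_key` and `environment`. `logged_user_objectId` and `logged_aad_app_objectId`, visible as context in the next hunk, remain undocumented.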
@@ -117,25 +131,33 @@ variable azuread_api_permissions { ## Compute variables variable compute { - description = "Compute object" + description = "Compute configuration objects" default = { virtual_machines = {} } } variable webapp { - default = {} + description = "Web applications configuration objects" + default = { + # app_services = {} + # app_service_environments = {} + # app_service_plans = {} + # azurerm_application_insights = {} + } } ## Databases variables variable database { - default = {} + description = "Database configuration objects" + default = {} } ## Networking variables variable networking { - default = {} + description = "Networking configuration objects" + default = {} } ## Security variables @@ -144,11 +166,13 @@ variable security { } variable managed_identities { - default = {} + description = "Managed Identity configuration objects" + default = {} } variable keyvaults { - default = {} + description = "Key Vault configuration objects" + default = {} } variable keyvault_access_policies { @@ -160,7 +184,8 @@ variable keyvault_access_policies_azuread_apps { } variable custom_role_definitions { - default = {} + description = "Custom role definitions configuration objects" + default = {} } variable role_mapping { default = { @@ -178,7 +203,8 @@ variable storage_accounts { default = {} } variable storage { - default = {} + description = "Storage configuration objects" + default = {} } variable diagnostic_storage_accounts { default = {} @@ -186,19 +212,14 @@ variable diagnostic_storage_accounts { # Shared services variable shared_services { - default = {} + description = "Shared services configuration objects" + default = { + # automations = {} + # monitoring = {} + # recovery_vaults = {} + } } -variable monitoring { - default = {} -} variable keyvault_certificate_issuers { default = {} } -variable cosmos_dbs { - default = {} -} - -variable local_network_gateways { - default = {} -} 
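Review bot: The last hunk of variables.tf removes the root inputs `monitoring`, `cosmos_dbs` and `local_network_gateways`. A module block that still sets any of them will fail with an unsupported-argument error. The diffstat of this commit lists only variables.tf, so UPGRADE.md apparently gets no matching entry. A short note there naming the three removed inputs and where their content now lives would cover it; the commented `# monitoring = {}` key under `shared_services` hints at the new home for one of them. Separately, `security`, `keyvault_access_policies` and `role_mapping` appear as context in these hunks and still have no description, although they drive access-control configuration.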
From f1c530ce9218e2e6989ff2a3177f09adccb1423f Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Thu, 7 Jan 2021 13:22:43 +0000 Subject: [PATCH 5/6] Iterating documentation and adding sensitive to akv and sa outputs. --- README.md | 2 + documentation/coding_cec.md | 3 - documentation/conventions.md | 307 ++++++++++++++++++ examples/README.md | 1 - keyvault.tf | 3 +- modules/analytics/machine_learning/readme.md | 2 +- .../analytics/machine_learning/variables.tf | 4 +- storage_accounts.tf | 3 +- 8 files changed, 316 insertions(+), 9 deletions(-) delete mode 100644 documentation/coding_cec.md create mode 100644 documentation/conventions.md diff --git a/README.md b/README.md index fea9edc4d1..b8b249ba7f 100755 --- a/README.md +++ b/README.md @@ -51,6 +51,8 @@ You can also reach us on [Gitter](https://gitter.im/aztfmod/community?utm_source ## Contributing +In order to contribute to the project, please review the module contribution and [conventions guidelines](./documentation/conventions.md) + This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. diff --git a/documentation/coding_cec.md b/documentation/coding_cec.md deleted file mode 100644 index 8c32e1e5e9..0000000000 --- a/documentation/coding_cec.md +++ /dev/null @@ -1,3 +0,0 @@ -# Common Engineering Criteria for landing zones module - -## Module diff --git a/documentation/conventions.md b/documentation/conventions.md new file mode 100644 index 0000000000..f6f07d2bce --- /dev/null +++ b/documentation/conventions.md 
@@ -0,0 +1,307 @@ +# Cloud Adoption Framework for Azure - Terraform Module development guidelines + +This document summarizes our coding practices for the CAF module, they are liberally based on https://www.terraform.io/docs/modules/index.html. + +We moved from multiple modules to one unified module for CAF landing zones on Terraform. This single module will call different sub-modules each stored inside a different directory. + +## Process to contribute + +Module contribution workflow: + +1. In the GitHub Issues, verify if there is an Epic covering the module you are describing. +2. If the change you are proposing is a sub-feature of an epic, please open an issue describing your changes in details and the reasons for the change with an example. +3. On submitting the PR, please mention the Issue related to the PR. + +Checklist for module PR review: + +1. Make sure you are using the Visual Studio Dev environment with pre-commit hooks effective. +2. Matching with coding conventions and common engineering criteria described below. +3. Provide examples including the main scenarios the module is supposed to achieve. +4. Include integration testing for all examples. + +## Module structure + +This module contain all the logic files at the root and conditionally calls sub-modules to create resources where the right variables have been customized. + +### Root module file structure + +The main module directory contains the following files: + +| Filename | Content | +|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| main.tf | Contains the version requirements, for providers, data sources if needed. 
| +| variables.tf | Contains the input variables for the whole module. | +| output.tf | Contains the output variables for the whole module. | +| resourcenames.tf | Contains the call to the resource creation logic. This will call the sub module with all the parameters needed for the particular resource you want to deploy, inside the /module/resourcename folder. When there are a lot of resouces of the same type, they can be grouped into a subdirectory (for instance, all network-related resources are under /module/networking) | +| README.MD | Short description of the features the module is achieving, the input and output variables. | +| UPGRADE.MD | Contains upgrade instructions if anyfor module update inside a landing zone. | + +### Sub modules file structure + +For each sub module directory, you should have the following files: + +| Filename | Content | +|--------------|--------------------------------------------------------------------------------------------------------| +| main.tf | Contains the version requirements, for providers, data sources if needed. | +| variables.tf | Contains the input variables for the whole module. | +| output.tf | Contains the output variables for the whole module. | +| README.MD | Short description of the features the module is achieving, the input and output variables. | +| diagnostics.tf | Contains the call to the diagnostics and operations logs features for the resources created in the module. This will be called via the external diagnostics module using the arguments passed in tfvars. | + +### Examples file structure + +Each module must have at least an example located in the ```/examples``` folder, that must be easy to trigger, and must work: +1. Using rover. +2. Using native Terraform. 
+ +For more information on examples and its structure, please refer to the [example documentation](./examples/README.md) + +### Module Output conventions + +As a convention we will use the following minimal module outputs: + +| Output variable name | Content | +|----------------------|----------------------------------| +| id | returns the object identifiers | +| name | returns the object name | +| object | returns the full resource object | + +This can be added with any other resource specific outputs, please remember to mark as sensitive any output including identifiers or secrets in order not to be revealed in log files. + +## Common engineering criteria + +### CEC1: Using naming convention provider + +Every resource created must use the naming convention provider as published on the [Terraform registry](https://registry.terraform.io/providers/aztfmod/azurecaf/latest) + +All supported resource types are described [in the documentation](https://registry.terraform.io/providers/aztfmod/azurecaf/latest/docs/resources/azurecaf_name) + +If you are developing a module for which there is no current support for naming convention method, please submit an issue: https://github.com/aztfmod/terraform-provider-azurecaf/issues + +Example of naming convention provider usage to create a virtual network: + +```hcl +resource "azurecaf_name" "caf_name_vnet" { + + name = var.settings.vnet.name + resource_type = "azurerm_virtual_network" + prefixes = [var.global_settings.prefix] + random_length = var.global_settings.random_length + clean_input = true + passthrough = var.global_settings.passthrough + use_slug = var.global_settings.use_slug +} +``` + +At the resource creation, you use the ```result``` output of the ```azurecaf_naming_convention``` provider: + +```hcl +resource "azurerm_virtual_network" "vnet" { + name = azurecaf_name.caf_name_vnet.result + location = var.location + resource_group_name = var.resource_group_name + address_space = var.settings.vnet.address_space + tags = 
local.tags +``` + +Documentation for all supported field is provided in the [documentation here](https://registry.terraform.io/providers/aztfmod/azurecaf/latest/docs/resources/azurecaf_name) + +### CEC2: Using global_settings configuration object + +An object called ```global_settings``` is created and used by the module. It governs the creation of resources based on a set of common criteria (naming convention, prefixes, region of the deployment, name of the environment, tags inheritance settings, etc.), the content of this object is defined in ```locals.tf``` of the root module. The content of this variable can be customized when the module is called in order to inherit and shared the configuration settings consistently across landing zones. + +The default content is: + +```hcl + global_settings = { + prefix = local.prefix + prefix_with_hyphen = local.prefix == "" ? "" : "${local.prefix}-" + prefix_start_alpha = local.prefix == "" ? "" : "${random_string.alpha1.result}${local.prefix}" + default_region = lookup(var.global_settings, "default_region", "region1") + environment = lookup(var.global_settings, "environment", var.environment) + random_length = try(var.global_settings.random_length, 0) + regions = var.global_settings.regions + passthrough = try(var.global_settings.passthrough, false) + inherit_tags = try(var.global_settings.inherit_tags, false) + use_slug = try(var.global_settings.use_slug, true) + } +``` + +### CEC3: Iterate resource creation + +At the root of the module, the call and iteration for the sub modules is declared as follow. + +```hcl +module "networking" { + source = "./modules/networking/virtual_network" + for_each = local.networking.vnets + + location = lookup(each.value, "region", null) == null ? 
module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region] + resource_group_name = module.resource_groups[each.value.resource_group_key].name + settings = each.value + network_security_group_definition = local.networking.network_security_group_definition + route_tables = module.route_tables + tags = try(each.value.tags, null) + diagnostics = local.combined_diagnostics + global_settings = local.global_settings + ddos_id = try(azurerm_network_ddos_protection_plan.ddos_protection_plan[each.value.ddos_services_key].id, "") + base_tags = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {} + network_watchers = try(local.combined_objects_network_watchers, null) +} +``` + +Each object within ```vnets``` object structure can contain one or more Virtual Network resources to be deployed. + +The module's README.MD (here under ./modules/networking/virtual_network) must expose the required and optional fields inside the object iteration (iterated at ```settings = each.value```) + +### CEC4 Diagnostics settings deployment + +Each module must call the appropriate diagnostics settings leveraging the diagnostics sub module: + +```hcl +module diagnostics { + source = "../../diagnostics" + count = var.diagnostic_profiles == null ? 
0 : 1 + + resource_id = azurerm_kubernetes_cluster.aks.id + resource_location = var.resource_group.location + diagnostics = var.diagnostics + profiles = var.diagnostic_profiles +} +``` + +For each resource, the variable ```diagnostic_profiles``` will be used to store the diagnostic settings for the module as follow: +```hcl +diagnostic_profiles = { + central_logs_region1 = { + definition_key = "azure_kubernetes_cluster" + destination_type = "log_analytics" + destination_key = "central_logs" + } + } +``` + +In this example, we refer to the diagnostics ```definition_key``` being ```azure_kubernetes_cluster``` defined as below: +```hcl +azure_kubernetes_cluster = { + name = "operational_logs_and_metrics" + categories = { + log = [ + # ["Category name", "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] + ["kube-apiserver", true, false, 7], + ["kube-audit", true, false, 7], + ["kube-audit-admin", true, false, 7], + ["kube-controller-manager", true, false, 7], + ["kube-scheduler", true, false, 7], + ["cluster-autoscaler", true, false, 7], + ["guard", true, false, 7], + ] + metric = [ + #["Category name", "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period] + ["AllMetrics", true, false, 7], + ] + } +} +``` + +### CEC5: Standalone resource creation + +Every resource (here sub-module) should be able to be called autonomously from the Terraform registry using the following syntax: + +```hcl +module "caf_virtual_machine" { + source = "aztfmod/caf/azurerm//modules/compute/virtual_machine" + version = "4.21.2" + # insert the 7 required variables here +} +``` + +### CEC6: Avoid count iterators + +In order to allow reliable iterations within the modules, we recommend using ```for_each``` iteration and decomission usage of count for iterations as much as possible. 
+ +```hcl +resource "azurerm_log_analytics_solution" "la_solution" { + for_each = var.solution_plan_map + + solution_name = each.key + location = var.location + resource_group_name = var.resource_group_name + workspace_resource_id = azurerm_log_analytics_workspace.log_analytics.id + workspace_name = azurerm_log_analytics_workspace.log_analytics.name + + plan { + product = each.value.product + publisher = each.value.publisher + } +} +``` + +This will allow: + +1. More reliable lifecycles for resources your create iteratively. +2. Using ```key`` that can be leveraged in other modules or resources iterations. +3. Better visibility in the log files. + +### CEC7: Variables custom validation + +Starting in Terraform 0.13, you can leverage custom variables validation. As documented [here](https://www.terraform.io/docs/configuration/variables.html) we recommend roll-out of this feature in the module. + +Example: Custom validation +```hcl +variable convention { + description = "(Required) Naming convention to use" + type = string + default = "cafrandom" + + validation { + condition = contains(["cafrandom", "random", "passthrough", "cafclassic"], var.convention) + error_message = "Allowed values are cafrandom, random, passthrough or cafclassic." + } +} +``` + +### CEC8: Complex objects typing + +Starting in Terraform 0.14 as experimental, complex object fields can be defined optional, we recommend preparing for this feature roll-out when you write your module. + +Example: Optional fields in complex objects: + +```hcl +variable settings { + description = "Configuration object for the Databricks workspace." 
+ type = object({ + name = string + resource_group_key = string + sku = optional(string) + managed_resource_group_name = optional(string) + tags = optional(map(string)) + custom_parameters = object({ + no_public_ip = bool + public_subnet_key = string + private_subnet_key = string + vnet_key = string + }) + }) +} +``` + +## Tooling + +Modules must be developed using rover version > 2006.x as it comes with required tools: + +* pre-commit: adds Git hooks before commits. +* terraform_docs: automated generation of documentation. +* tfsec: security static code analysis. + +## Unit and integration testing + +Each module must implement integration and unit testing using GitHub Actions following the example here: https://github.com/aztfmod/terraform-azurerm-caf-resource-group + +Please refer to the unit and integration testing reference article: https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/test/unit_test.md + +### GitHub Actions for Testing + +New modules must implement the automation of integration testing using GitHub actions and deploying the examples in an Azure test subscription. + +[Back to summary](../README.md) diff --git a/examples/README.md b/examples/README.md index 5404bd6124..f5b6ac5e51 100755 --- a/examples/README.md +++ b/examples/README.md @@ -17,7 +17,6 @@ rover login rover login --tenant .onmicrosoft.com -s ``` - 2. Deploy the basic launchpad ```bash diff --git a/keyvault.tf b/keyvault.tf index 36096f3922..1dea85d797 100755 --- a/keyvault.tf +++ b/keyvault.tf @@ -47,5 +47,6 @@ module "keyvault_access_policies_azuread_apps" { output keyvaults { - value = module.keyvaults + value = module.keyvaults + sensitive = true } diff --git a/modules/analytics/machine_learning/readme.md b/modules/analytics/machine_learning/readme.md index 7a6b952c5a..7d03cbc4eb 100755 --- a/modules/analytics/machine_learning/readme.md +++ b/modules/analytics/machine_learning/readme.md 
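Review bot: `sensitive = true` on the `keyvaults` output in keyvault.tf (and on `storage_accounts` in storage_accounts.tf later in this patch) only redacts the value in CLI output. The full module objects are still stored in clear text in the state file and can be read through remote state. I would say so on the output, e.g. `# sensitive only hides this from plan/apply output; values remain in state, so restrict access to the state backend`. Marking the whole module map sensitive also hides non-secret ids and names from plan review, so a separate narrowed output may be worth adding if consumers only need those. Neither output has a `description`.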
@@ -136,7 +136,7 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | application\_insights\_id | The ID of the App Insights to be used by the nachine learning workspace. | `string` | n/a | yes | -| base\_tags | Base tags for the resource to be inherited from the resource group. | `map` | n/a | yes | +| base\_tags | Base tags for the resource to be inherited from the resource group. | `map(any)` | n/a | yes | | client\_config | Client configuration object (see module README.md). | `any` | n/a | yes | | global\_settings | Global settings object (see module README.md) | `any` | n/a | yes | | keyvault\_id | The ID of the Key Vault to be used by the machine learning workspace. | `string` | n/a | yes | diff --git a/modules/analytics/machine_learning/variables.tf b/modules/analytics/machine_learning/variables.tf index cd0d843323..78b89b728b 100644 --- a/modules/analytics/machine_learning/variables.tf +++ b/modules/analytics/machine_learning/variables.tf @@ -5,8 +5,8 @@ variable settings { # name = string # resource_group_key = string # application_insights_id = string - # key_vault_id = (string) - # storage_account_id = (string) + # key_vault_id = optional(string) + # storage_account_id = optional(string) # tags = optional(map(string)) # sku_name = string # #identity {} diff --git a/storage_accounts.tf b/storage_accounts.tf index 20d357ff7c..e1163f3347 100755 --- a/storage_accounts.tf +++ b/storage_accounts.tf @@ -17,5 +17,6 @@ module "storage_accounts" { } output storage_accounts { - value = module.storage_accounts + value = module.storage_accounts + sensitive = true } From 2bd193fa31e1d1c7a177ede6da432c059f8debbe Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 8 Jan 2021 09:03:02 +0000 Subject: [PATCH 6/6] Workspace object name for databricks --- modules/analytics/databricks_workspace/workspace.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/modules/analytics/databricks_workspace/workspace.tf b/modules/analytics/databricks_workspace/workspace.tf index ff87749db6..881e35691b 100644 --- a/modules/analytics/databricks_workspace/workspace.tf +++ b/modules/analytics/databricks_workspace/workspace.tf @@ -1,5 +1,6 @@ # naming convention -resource "azurecaf_name" "ws" { +#TODO rename object from wp to ws for consistency +resource "azurecaf_name" "wp" { name = var.settings.name resource_type = "azurerm_databricks_workspace" prefixes = [var.global_settings.prefix] @@ -11,7 +12,7 @@ resource "azurecaf_name" "ws" { # Databricks workspace resource "azurerm_databricks_workspace" "ws" { - name = azurecaf_name.ws.result + name = azurecaf_name.wp.result resource_group_name = var.resource_group_name location = var.location sku = try(var.settings.sku, "standard")
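Review bot: The added `#TODO rename object from wp to ws for consistency` in the first workspace.tf hunk does not say why the rename is deferred, and the second hunk (`name = azurecaf_name.wp.result`) leaves the two resources on different labels with no explanation. Changing a resource label changes its address in state, so Terraform plans a destroy and create for `azurecaf_name` unless the state entry is moved first. If the regenerated result differs, the Databricks workspace name changes with it, which I would expect to force replacement of the workspace; this is inferred, since the naming arguments are outside the hunk. I would replace the TODO with `# TODO: rename azurecaf_name.wp to ws; needs terraform state mv on existing deployments, otherwise the generated name may change`. Both resource bodies continue outside the hunks.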